wp-plugin : coupon-tab-for-directorypress-pp – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : coupon-tab-for-directorypress-pp


Affected Version : 0.2.0 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : cfh, cc, cb, cd, ce, cdt, cdet, cs, cfw, surl


Type of XSS : Reflected
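
A log-triage check for defenders, added here as an example and not part of the original advisory or the plugin's code: it flags access-log requests in which any of the parameters listed above carries markup after URL decoding. The regular expressions, the function names and the sample log lines (including the /listing/ path) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names the advisory lists as vulnerable.
VULN_PARAMS = {"cfh", "cc", "cb", "cd", "ce", "cdt", "cdet", "cs", "cfw", "surl"}

# Heuristic (assumption): markup characters, javascript: URLs or inline event
# handlers in these values indicate a reflected-XSS attempt.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the advisory parameters that carry markup in one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    hits = set()
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if name in VULN_PARAMS and SUSPICIOUS.search(unquote(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, parameters) for every flagged log line."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results

# Constructed sample log; the /listing/ path is a placeholder because the
# advisory does not name the vulnerable endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2015:10:00:00 +0000] "GET /listing/?cc=SAVE10&cd=Summer+sale HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2015:10:00:05 +0000] "GET /listing/?cc=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2015:10:00:09 +0000] "GET /listing/?surl=%2522%2520onmouseover%253Dalert(1) HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2015:10:00:12 +0000] "GET /search/?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

Short names such as cc and cs may also be used by unrelated applications on the same host, so treat hits as leads to review rather than confirmed attempts.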


Disclosure Timeline


Vendor Contacted : 2014-01-04

Plugin Status : Closed
Public Disclosure : July 7, 2014
CVE Number : Not assigned yet

Plugin Description :
Coupon Tab (pp-coupon-tab) creates a new tab on the directory
listing page of Directory Press. This tab is titled "Coupon"
and displays the coupons listed by the registered users.

This plugin requires DirectoryPress and has been tested till
version 7.1.3 with a slight modification. Please check
installation notes for details.
