wp-plugin : dmca-watermarker – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : dmca-watermarker


Effected Version : 1.0 (and most probably lower version's if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : plugin_dir

Trac ChangeLog :


Disclosure Timeline


Vendor Contacted : 2014-01-21

Plugin Status : Updated on 2014-01-11
Public Disclosure : May 28, 2014
CVE Number : CVE-2014-4520

Plugin Description :
The DMCA.com WaterMarker plugin for WordPress allows you to easily integrate DMCA.com's WaterMarking for a specific folder into your WordPress site.
For more information about the features & benefits of the service visit [DMCA.com](http://www.dmca.com/protection.aspx?ad=wpo)

[» Register](http://www.dmca.com/Badges.aspx?ad=wpo) | [» Learn More](http://www.dmca.com/Protection.aspx?ad=wpo) | [» Upgrade to Pro](https://www.dmca.com/Toolkit/signup.aspx?lnk=wps&mpi=DMCA%20Toolkit)

Once installed and activated, you can use the DMCA WaterMarker page in your Dashboard's Settings Menu to specify how your choice of badge should be displayed in posts and pages. You can also choose to display your badge site-wide using the DMCA Badge Widget. You can use the badges for free but we suggest that you sign up for an account at dmca.com in order to receive the full benefit of the certified badges.

Leave a Reply

Your email address will not be published. Required fields are marked *