wp-plugin : dsidxpress

Plugin Details
Plugin Name: wp-plugin : dsidxpress
Affected Version : 2.1.0 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4521
Plugin Description :
[Diverse Solutions]: http://www.diversesolutions.com "Diverse Solutions, plugin author"

With the [dsIDXpress plugin](http://www.dsidxpress.com), bloggers can embed **live** real estate listings (using what is known as *I*nternet *D*ata E*x*change, or IDX) into their blog's posts and pages using something WordPress calls "shortcodes" and into their sidebars using the included widgets. The plugin also functions as a full IDX solution by allowing visitors to search for, and view the details of, listings in the MLS.

*Important requirements to use this plugin*

* You must be an active member with a multiple listing service (MLS). This means that anyone other than real estate agents and brokers (and, in some MLS's, even agents are excluded) cannot use this plugin.
* The executives at the MLS must be progressive enough to allow the data to be syndicated to your blog from our ([Diverse Solutions]) API.
* Downloading and installing the dsIDXpress plugin is 100% free, but getting the data from your MLS is not. You can use the [free demo data](http://www.dsidxpress.com/tryit/) in the beginning and move on to [obtaining your MLS's data](http://www.dsidxpress.com/) after you've evaluated it.
* Your web host must be running at least PHP 5.2. PHP 5.2 has been out for 3 years at this point, so if they aren't using PHP 5.2, they're quite a ways behind the times. This is almost never an issue nowadays.
* You must be using at least WordPress 2.8. It will run faster on WordPress 2.9.1 and later.

[dsIDXpress](http://www.dsidxpress.com/) contains many advanced features that enable bloggers to create "sticky content," visitors to find properties they like, and search engines to crawl the MLS data so that the listings show up with the blogger's domain in the search engines. It is intended to be a real estate agent's / broker's all-inclusive interface between the MLS they belong to and their WordPress site / blog. Following is a very high-level overview of the plugin's functionality.

* It actually embeds the live MLS data INTO the blog -- **it does NOT use HTML "iframes!"**
* It is **extremely easy** to set up, requiring 17.43 seconds of your time on average. It's downloaded and installed like any other WordPress plugin and there's only one field to fill in (the [activation key](http://www.dsidxpress.com/tryit/)) to activate all of the plugin's functionality.
* The plugin is **exceptionally fast**. In some cases, loading the MLS data is actually faster than loading the WordPress data!
* It has fanatical attention to detail, which is reflected in search engine rankings. The HTML that the plugin outputs is semantically correct and is streamlined for speed, the HTML `title` and `meta name="description"` tags are supported (`meta name="description"` through many of the WordPress SEO packs), and the dynamic URLs reflect the content on the page. A large number of similar details too numerous to mention are built into the core of the plugin.
* It has built-in support for WordPress shortcodes, allowing bloggers to **embed live listing data from the MLS** into their blog posts / pages. Adding / editing these shortcodes is made easy by using the tools that dsIDXpress builds into WordPress's page / post editor.
    * The `idx-listings` shortcode embeds listings for particular areas into a blog post / page. For example, if a blogger typed `[idx-listings city="Laguna Beach" count="10"]` into their post, the 10 newest listings from the MLS in Laguna Beach would show up in place of that text when the post is displayed; each listing / photo links to the full property details. The data is *live*, so whether the post is viewed the next day or the next month, the 10 newest listings would always be displayed.
    * The `idx-listing` shortcode embeds a single listing into a blog post / page. For example, putting `[idx-listing mlsnumber="U8000471"]` into the post would show the LIVE primary information for that MLS #. If the price gets changed, photos get added, the property goes off the market, or otherwise anything at all changes, the data will always reflect the changes from the MLS. A blogger could also use the `showall="true"` option (i.e. `[idx-listing mlsnumber="U8000471" showall="true"]`) to show ALL of the data for that area (extended details and features, price changes, schools, and even a map that will show up in Google Reader).
* It comes with a number of **built-in IDX widgets** that allow bloggers to rapidly start embedding the MLS data into the blog.
    * The **IDX Listings widget** allows the blog owner to show listings within an area (city, community, tract, or zip), show their own listings, show their office's listings, or show listings based on a completely customizable search. The widget can be configured to show up to 50 listings at a time and can be set to show the properties in a list, on a map, or in a detailed slideshow.
    * The **IDX Areas widget** allows the blog owner to display a simple list of links to the different areas (cities, communities, tracts, or zips) they service. This makes it super easy for both website visitors and search engines to view all of the listings in that area.
    * The **IDX Search widget** allows the blog owner to show an MLS search form. The results are displayed as HTML on the user's blog.
* The plugin has a great deal of **intelligent URL handling** functionality built-in. It supports and actively enforces canonical URLs and 301 redirects where appropriate to the functionality of the IDX. The URL structure itself is designed to be clean, simple, and readable.
    * A property URL is in the form of `/mls-<MLS_NUMBER>-address`. For example, the url for MLS # L29755 looks like this: `yourblog.com/idx/mls-l29755-2665_riviera_dr_laguna_beach_ca_92651`. If the address changes, a 301 redirect is issued to the new URL.
    * The search results URL is in the form of `/city/<CITY_NAME>`. Similar to the property URLs, 301 redirects are issued where appropriate to ensure that the base URL is always correct.
    * Canonical URLs are set for every IDX page to ensure search engines know the "true" url for the content -- even when the base URL is correct.
* ... and so much more!

If you'd like to **see the plugin in action**, you can check out our [dsIDXpress demo site](http://www.daniellecordova.com/). If you'd like to read more or purchase this plugin, please take a look at our [dsIDXpress site](http://www.dsidxpress.com/). Finally, if you'd like to obtain a **demo activation key** to use this plugin on your own blog, you can request one on our ["Try It Out!"](http://www.dsidxpress.com/tryit/) page.

*Note: If you're searching for idx press, idxpress, ds idxpress, id xpress, or id express, this is the plugin you're probably looking for.*