wp-plugin : flash-photo-gallery – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : flash-photo-gallery

 

Effected Version : 0.7 (and most probably lower version's if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Prajal Kulkarni

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://127.0.0.1/wordpress/wp-content/wp-plugs/flashphotogallery/fpg_preview.php?path=path%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-21

 
Plugin Status : Updated on 2014-01-11
 
Public Disclosure : April 25, 2014
 
CVE Number : CVE-2014-4529

 
Plugin Description :
 
Creates a Flash Photo Gallery like one provided in Adobe Photoshop CS2 Flash Web Photo Gallery templates. Features include:

1. Compatible with Wordpress and Wordpress MU.
1. Create and manage multiple Flash Photo Galleries.
1. Customize galleries by specifying titles, colors, thumbnail size and a lot more options.
1. Uses the wordpress built-in media uploader (media-upload.php) to add photos to.
1. Multiple photo galleries can be added in any page or post using a simple short code.
1. Uses SWFObject (http://code.google.com/p/swfobject/) for embedding swf

Height and width of the gallery swf can be (optionally) specified using the shortcode - `[fpg id="" height="" width=""]`

Note: In versions prior to 2.7 Flash Photo Gallery is displayed under the Page menu. In 2.7 and later versions, it is displayed under Media.

Demo Photo Gallery: [http://webdlabs.com/projects/flash-photo-gallery/](http://webdlabs.com/projects/flash-photo-gallery/)

= Whats new in 0.7? =

Height and width of the gallery swf can be (optionally) specified using the shortcode

Leave a Reply

Your email address will not be published. Required fields are marked *