wp-plugin : keyring – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : keyring


Affected Version : 1.5 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : sig_method


Type of XSS : Reflected


Fixed in : 1.5.1


Trac Changelog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=834526%40keyring&old=804079%40keyring&sfp_email=&sfph_mail=


This specific vulnerability is in fact a flaw in the OAuth SDK PHP sample code. Multiple WordPress plugins were using this same code, and hence a parallel disclosure was made. The entry on OSVDB for the same is listed here: http://osvdb.org/show/osvdb/101897
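An added example, not taken from Keyring or from the OAuth sample code: one way to handle a request parameter such as sig_method so that it cannot be reflected into the page, by allow-listing the OAuth 1.0 signature method names and escaping on output. The function names, the page fragment and the sample inputs are hypothetical.

```php
<?php
// Added example: hypothetical handler, not code from Keyring or the OAuth sample.

// Signature method names defined by OAuth 1.0 (RFC 5849, section 3.4).
const ALLOWED_SIG_METHODS = ['HMAC-SHA1', 'RSA-SHA1', 'PLAINTEXT'];

/**
 * Return the requested signature method if it is on the allow-list,
 * otherwise a fixed default. Untrusted text is never passed through.
 */
function pick_sig_method(array $request, string $default = 'HMAC-SHA1'): string
{
    $raw = $request['sig_method'] ?? $default;
    if (!is_string($raw)) {            // sig_method[]=x arrives as an array
        return $default;
    }
    return in_array($raw, ALLOWED_SIG_METHODS, true) ? $raw : $default;
}

/** Escape a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a signature-method drop-down; every value is escaped on output. */
function render_sig_method_select(array $request): string
{
    $selected = pick_sig_method($request);
    $html = '<select name="sig_method">';
    foreach (ALLOWED_SIG_METHODS as $method) {
        $attr = $method === $selected ? ' selected' : '';
        $html .= sprintf('<option value="%s"%s>%s</option>', h($method), $attr, h($method));
    }
    return $html . '</select>';
}

// Constructed inputs: a valid value, a value carrying markup, an array-typed value.
$samples = [
    ['sig_method' => 'RSA-SHA1'],
    ['sig_method' => '"><b>injected</b>'],
    ['sig_method' => ['x']],
];
foreach ($samples as $request) {
    echo render_sig_method_select($request), PHP_EOL;
}
```

Inside WordPress, esc_attr() and esc_html() would take the place of the h() helper.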


Disclosure Timeline


Vendor Contacted : 2014-01-05

Plugin Status : Updated on 2014-01-07
Public Disclosure : July 7, 2014
CVE Number : Not assigned yet

Plugin Description :

Keyring provides a very hookable, completely customizable framework for connecting your WordPress to an external service. It takes care of all the heavy lifting when making authenticated requests, so all you need to do is implement cool features and not worry about these tricky bits.

Out of the box, Keyring currently comes with base Service definitions for webservices which use:

* HTTP Basic
* OAuth1
* OAuth2

And includes an example service implementation (services/extended/example.php) plus ready-to-use definitions for:

* [Delicious](http://delicious.com/)
* [Facebook](http://facebook.com/)
* [Flickr](http://flickr.com/)
* [Foursquare](http://foursquare.com/)
* [Google Contacts](http://google.com/)
* [Instagram](http://instagram.com/)
* [Instapaper](http://instapaper.com/)
* [LinkedIn](http://linkedin.com/)
* [Moves](http://moves-app.com/)
* [RunKeeper](http://runkeeper.com/)
* [TripIt](http://tripit.com/)
* [Tumblr](http://tumblr.com/)
* [Twitter](http://twitter.com/)
* [Yahoo! Updates](http://yahoo.com/)

You can very easily write your own Service definitions and then use all the power of Keyring to hook into that authentication flow. See the [Keyring Developer's Guide](http://dentedreality.com.au/projects/wp-keyring/) for more details.
