wp-plugin : omfg-mobile – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : omfg-mobile


Effected Version : 1.1.26 (and most probably lower version's if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :




Disclosure Timeline


Vendor Contacted : 2014-01-21

Plugin Status : Closed
Public Disclosure : May 28, 2014
CVE Number : CVE-2014-4541

Plugin Description :
Are you running a mobile marketing campaign? Do you have a custom QR Code that needs a beautiful mobile landing page?

With OMFG Mobile you can easily create, manage and deploy unlimited Mobile Landing Pages using WordPress.

From a single WordPress install, you can create unlimited mobile landing pages, each using different themes*, settings and content, and deploy them straight from WordPress.

*Themes and Add-ons available at OMFGMobile.com

= HTML5 & CSS3 =
OMFG Mobile makes it easy to create HTML5 and CSS3 based mobile landing pages, providing beautiful pages that function great on all the most popular mobile devices.

= iOS and Android Support =
iOS and Android devices are some of the most popular mobile devices in the world. OMFG Mobile provides you with mobile landing pages that look and work great on iOS and Android.

= Shortcode Generator =
OMFG Mobile provides several unique short codes to help make your mobile landing pages unique, and with our short code generator, it's easier than ever to visualize your short codes before you put them in your pages.

Shortcodes bundled with OMFG Mobile include buttons, toggles, tabs, callout boxes and more!

= Add-Ons =
Looking for a different theme? Need a special feature like a responsive gallery or slideshow? OMFG Mobile provides themes and add-ons to make your mobile landing pages stand out.

OMFG Mobile has a set of hooks that make it easy for plugin developers to create add-ons to enhance the Mobile Landing Pages in new and exciting ways. Send us a message on our Facebook page at facebook.com/visioniz if you are interested in developing themes or add-ons for OMFG Mobile.

Leave a Reply

Your email address will not be published. Required fields are marked *