wp-plugin : ss-downloads – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : ss-downloads


Affected Version : 1.4.41 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :

Vulnerable Parameter : title
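The defect class named above (an attribute such as `title` reflected into the page without escaping) and its fix, as an added example that is not the plugin's own code. It assumes WordPress's `esc_attr()` and `esc_html()`; simplified stand-ins are defined so the file also runs under plain `php` outside WordPress, and the sample input is constructed for illustration.

```php
<?php
// Added example (not ss-downloads code): a shortcode/form attribute echoed raw
// versus escaped for the context it lands in. WordPress provides esc_attr() and
// esc_html(); the fallbacks below only exist so this runs stand-alone.

if (!function_exists('esc_attr')) {
    // Simplified stand-in for WordPress esc_attr(): HTML attribute escaping.
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    // Simplified stand-in for WordPress esc_html(): HTML text-node escaping.
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable pattern: the untrusted value is interpolated into markup unescaped,
// both as text content and inside a quoted attribute.
function render_form_unsafe(string $title): string {
    return '<h3>' . $title . '</h3>' . "\n"
         . '<input type="hidden" name="title" value="' . $title . '">';
}

// Hardened pattern: escape once, for the exact context (text node vs. attribute).
function render_form_safe(string $title): string {
    return '<h3>' . esc_html($title) . '</h3>' . "\n"
         . '<input type="hidden" name="title" value="' . esc_attr($title) . '">';
}

// Constructed sample input: ordinary text that happens to contain the
// characters which must never reach the page unescaped.
$sample = 'Q1 report <b>"draft"</b> & notes';

echo "UNSAFE:\n" . render_form_unsafe($sample) . "\n\n";
echo "SAFE:\n"   . render_form_safe($sample)   . "\n";
```

The point of keeping two helpers is that the escaping rule depends on where the value is written: a text node and a quoted attribute need the same characters neutralised here, but a URL or inline script context would need a different function, so pick the escaper by output context rather than sanitising on input.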


Disclosure Timeline


Vendor Contacted : 2014-01-21

Plugin Status : Updated on 2014-01-21
Public Disclosure : May 28, 2014
CVE Number : Not assigned yet

Plugin Description :
Adds a short code like [download file="path_to_file"] that embeds a form in the post asking for an email address before showing a link to a file for download. Great for promoting white papers and other digital assets on your site.

Live demo: http://www.strangerstudios.com/blog/2010/07/ss-downloads-wordpress-plugin/

The plugin works in 3 parts.

1. The short code to add the form to your pages.

2. The logic to check (using session variables) if the user has provided an email address before showing either the email capture form or the download link.

3. A script to serve files securely. It checks for the same session variable before delivering the file. Files can be located outside the web directory or served from the uploads folder, etc., with an obfuscated URL.
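The session-gated file-serving step described in parts 2 and 3, written defensively as an added example; this is not the plugin's own script. The session key `ssd_email_captured`, the query parameter `file`, and the storage directory `/var/ssd-files` are constructed names for the example, and the obfuscated-URL scheme the description mentions is not modelled.

```php
<?php
// Added example (not ss-downloads code): a download gate that (a) requires the
// e-mail capture to have happened, recorded in the session, and (b) confines the
// requested file to one directory that lives outside the web root.

session_start();

/**
 * Resolve a requested file name to an absolute path inside $base_dir, or return
 * null when the request escapes that directory or the file does not exist.
 */
function resolve_download(string $base_dir, string $requested): ?string {
    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    // Accept only a bare file name: no separators, no '..', nothing empty.
    if ($requested === '' || basename($requested) !== $requested || $requested === '..') {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() has collapsed symlinks; confirm the result is still under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function serve_download(string $base_dir, string $requested): void {
    // Part 2 of the description: the e-mail form must have been completed first.
    if (empty($_SESSION['ssd_email_captured'])) {
        http_response_code(403);
        echo 'Please provide your e-mail address first.';
        return;
    }
    $path = resolve_download($base_dir, $requested);
    if ($path === null) {
        http_response_code(404);
        echo 'File not found.';
        return;
    }
    // Fixed content type, attachment disposition and nosniff so the browser
    // downloads the file instead of rendering it inline.
    $download_name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Usage (constructed): files live in /var/ssd-files outside the document root
// and the file name arrives as the `file` query parameter.
serve_download('/var/ssd-files', (string) ($_GET['file'] ?? ''));
```

The `basename()` check rejects path separators before `realpath()` runs, and the prefix comparison afterwards catches the case where a symlink inside the directory points elsewhere; both checks are needed because `realpath()` alone only normalises, it does not confine.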

The look of the email and download forms can be changed by copying files from the /css/ and /templates/ folder of the plugin into your active theme folder. Rename the files ssd-original_file_name.php/css (e.g. ssd-download.php or ssd-ss-downloads.css) and edit as needed.
