wp-plugin : toolpage – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : toolpage


Affected Version : 1.6.1 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :


Disclosure Timeline


Vendor Contacted : 2014-01-12

Plugin Status : Closed on 2014-01-11
Public Disclosure : April 25, 2014
CVE Number : CVE-2014-4560

Plugin Description :

Create unlimited Landing Pages for your OnLine Advertising.
ToolPage is a plugin to manage one or more landing pages. It provides multiple template schemes based on elements called Boxes. **You can set a ToolPage as Homepage/Front Page.**

A **ToolPage** is composed of one or more **Box**. A Template is composed of one or more columns.

General information about a **ToolPage**:

* 	NEW: Appearance Themes Base and Professional
* 	NEW: Admin toolbar links
* 	NEW: Widget
* 	Box Type: text / html, image, menus, forms, twitter, facebook, youtube
* 	Customizing CSS: background color, font, font color, font size
* 	Custom CSS-style
* 	SEO Friendly URL
* 	SEO Optimization
* 	Google Analytics


*	Permalinks activated


Create unlimited ToolPage pages dedicated to your online campaigns: Landing Pages.
ToolPage is the only plugin that lets you manage one or more Landing Pages with different, customizable layout schemes. The layout schemes are based on elements called Boxes. **You can set a ToolPage as Homepage/Front Page.**

A **ToolPage** is composed of one or more **Boxes**. A layout scheme is composed of one or more columns.

General features of a **ToolPage**:

* 	NEW: Base and Professional themes
* 	NEW: Admin toolbar links
* 	NEW: Widget
* 	Box types: text/HTML, image, menu, form, twitter, facebook, youtube
* 	CSS customization: background color, font, font color, font size
* 	Custom CSS
* 	SEO-friendly URLs
* 	SEO optimization
* 	Google Analytics


*	Permalinks activated
