Plugin Details
Plugin Name: wp-plugin : video-comments-webcam-recorder
Affected Version : 1.55 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Minimum Level of Access Required : Unauthenticated
CVE Number : CVE-2014-4567
Identified by : Anantshri
Disclosure Timeline
- January 15, 2014 : Vendor Contacted
- January 16, 2014 : Plugin Updated
- June 12, 2014 : Public Disclosure
Technical Details
http://localhost/wp-content/plugins/video-comments-webcam-recorder/comments/videowhisper2/r_logout.php?message=
// Vulnerable Parameter : message
Trac Log : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder
Note : This plugin was updated in place, which means that everyone who downloaded this version between its release and the fix is vulnerable; any download made after the fix date is patched.
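A log check for the affected endpoint, added here as an example and not part of the original advisory: it scans web-server access logs for requests to r_logout.php whose message parameter decodes to HTML markup. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the affected script, taken from the advisory URL.
VULN_PATH = "/wp-content/plugins/video-comments-webcam-recorder/comments/videowhisper2/r_logout.php"
# HTML metacharacters that have no place in a plain-text logout message.
MARKUP = re.compile(r'[<>"]')
# Request part of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded message) for markup sent to the parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.endswith(VULN_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("message", []):
            message = decode_fully(raw)
            if MARKUP.search(message):
                hits.append((number, message))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jun/2014:10:00:01 +0000] "GET ' + VULN_PATH + '?message=Session+ended HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Jun/2014:10:02:17 +0000] "GET ' + VULN_PATH + '?message=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [13/Jun/2014:10:02:40 +0000] "GET /blog' + VULN_PATH + '?message=%253Cb%253Ex%253C%252Fb%253E HTTP/1.1" 200 530',
    '198.51.100.7 - - [13/Jun/2014:10:05:00 +0000] "GET /index.php?message=%3Cb%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, message in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: message={message!r}")
```

Because the fix was applied without a version change, a hit in the logs does not by itself show whether the installed copy was patched at the time; compare the installed files against the Trac changeset above.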