wp-plugin : video-comments-webcam-recorder – A3-Cross-Site Scripting (XSS)

Plugin Details

Plugin Name : video-comments-webcam-recorder

Affected Version : 1.55 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Anant Shrivastava

Technical Details

Minimum Level of Access Required : Unauthenticated

PoC (Proof of Concept) :


http://localhost/wp-content/plugins/video-comments-webcam-recorder/comments/videowhisper2/r_logout.php?message=

Vulnerable Parameter : message

Trac Log : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder

Note : This plugin was updated in place, which means that everyone who downloaded this version between the time of its release and the date the fix was applied is vulnerable; any download after the fix date is patched.
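The reflected parameter is also something a site owner can look for after the fact. As an added example that is not part of this advisory, the Python below walks constructed access-log lines, keeps requests to the r_logout.php path named in the PoC, and flags a `message` value that decodes to markup instead of plain text; the log entries, client addresses and the markup test are assumptions of the example.

```python
"""Flag access-log requests to the r_logout.php endpoint whose `message`
parameter carries markup (the reflected-XSS vector, CVE-2014-4567)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH = ("/wp-content/plugins/video-comments-webcam-recorder"
             "/comments/videowhisper2/r_logout.php")
VULN_PARAM = "message"
# Request target inside a common-log-format entry: "GET /path?q HTTP/1.1"
_REQ_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A logout notice is plain text; tag brackets or inline handlers are not.
_MARKUP_RE = re.compile(r"<|>|javascript:|on\w+\s*=", re.IGNORECASE)

def extract_message(target):
    """Decoded `message` value if `target` is the vulnerable script, else None."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM)
    if not values:
        return None
    # parse_qs decoded once; decode again so a double-encoded value
    # (%253C -> %3C -> <) does not slip past the markup check.
    return unquote(values[0])

def is_suspicious(message):
    return bool(_MARKUP_RE.search(message))

def scan_log(lines):
    """Return (client_ip, decoded_message) for each request worth reviewing."""
    hits = []
    for line in lines:
        m = _REQ_RE.search(line)
        if not m:
            continue
        msg = extract_message(m.group("target"))
        if msg is not None and is_suspicious(msg):
            hits.append((line.split(" ", 1)[0], msg))
    return hits

# Constructed sample entries (not real traffic): a benign logout notice, a plain
# and a double-encoded script tag on the vulnerable path, and an unrelated path.
SAMPLE_LOG = [
    f'203.0.113.5 - - [16/Jan/2014:10:00:01 +0000] "GET {VULN_PATH}?message=Logged%20out HTTP/1.1" 200 512',
    f'203.0.113.9 - - [16/Jan/2014:10:00:07 +0000] "GET {VULN_PATH}?message=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    f'198.51.100.2 - - [16/Jan/2014:10:00:09 +0000] "GET {VULN_PATH}?message=%253Cscript%253E HTTP/1.1" 200 540',
    '198.51.100.7 - - [16/Jan/2014:10:01:00 +0000] "GET /index.php?message=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 2048',
]
```

Running `scan_log(SAMPLE_LOG)` returns the two requests on the vulnerable path whose decoded message contains a tag; the benign notice and the unrelated path are ignored.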

Disclosure Timeline

Vendor Contacted : 2014-01-15

Plugin Status : Updated on 2014-01-16

Public Disclosure : June 12, 2014

CVE Number : CVE-2014-4567

Plugin Description :

The Video Comments Webcam Recorder allows WordPress users to record video comments as responses to posts or to other comments. If the user is not logged into WordPress he cannot access this feature.
Supports playback with JwPlayer plugin.

Special requirements: This plugin has requirements beyond regular WordPress hosting specifications: a RTMP host is needed for persistent connections to manage live interactions and streaming (Wowza recommended). More details about this, including solutions are provided on the Installation section pages.
