wp-plugin : walk-score – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : walk-score


Affected Version : 0.5.5 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :




Vulnerable Parameter : s, o


Disclosure Timeline


Vendor Contacted : 2014-01-17

Plugin Status : Closed
Public Disclosure : June 12, 2014
CVE Number : CVE-2014-4573

Plugin Description :
Provides WordPress shortcodes for embedding [Walk Score Neighborhood Maps](http://www.walkscore.com/professional/neighborhood-map.php?utm_source=wspi) in your posts and pages. Walk Score Neighborhood Maps display a map for any address that shows a property's location on a map, Walk Score (0-100 score measuring how walkable the location is) and nearby amenities. With the interactive map your visitors can create a Commute Report showing drive times to work to that location, explore lists of amenities by category (schools, restaurants, coffee shops, etc.). The map displays a Google map by default, but offers your visitors options to use Street View (Google), Bird's Eye view (Bing), a walkability heat map and a 15-minute walkability zone (walkshed).

Features in Walk Score 0.5 series include:

* Embed neighborhood maps in posts.
* Set default sizes (small, medium or large) and format (vertical or horizontal)
* Override default settings in the shortcode for a specific post

You'll need a [Walk Score ID](http://www.walkscore.com/professional/sign-up.php?utm_source=wspi) to use this plugin. The ID is free for personal blogs; with paid subscriptions you can remove ads and outbound links.
