wp-plugin : wp-app-maker – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : wp-app-maker


Affected Version : (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : uid


Disclosure Timeline


Vendor Contacted : 2014-01-17

Plugin Status : Closed
Public Disclosure : June 4, 2014
CVE Number : CVE-2014-4578

Plugin Description :
WP App Maker lets you easily generate and start distributing an Android Mobile App for WordPress just a few minutes after installing it.
It requires a user registration just in order to enable the cloud app generation service.

Here are some of its powerful features:

* Toolbar and text colors customization
* Launcher Icon generator
* Mobile Categories customization and filtering
* Widget for publishing your QRCode on the sidebar
* Usage tracking powered by Google Analytics (*)
* Monetization based on AdWhirl services (*)
* Images size optimization
* Fast caching engine for offline usage

(*) features available only for the PRO version.

More details are available on the official website:
[wpappmaker.com](http://wpappmaker.com "WP App Maker")

**The 5 minutes setup**
http://www.youtube.com/watch?v=V2U9WTLMUhc

**Sample App**
http://www.youtube.com/watch?v=CjXGvD6XuCs
