wp-plugin : wp-responsive-preview – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : wp-responsive-preview


Affected Version : 1.1 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter: url


Disclosure Timeline


Vendor Contacted : 2014-01-17

Plugin Status : Updated on 2014-02-02
Public Disclosure : June 12, 2014
CVE Number : CVE-2014-4594

Plugin Description :
=Preview your site at random page widths to test your Responsive design.=

WP Responsive Preview provides additional previewing options for your site. Loading a Responsive Preview will load the page in a flexible framework at a random width, helping you see how your page looks at different widths. It also lets you re-randomise the width quickly, to test multiple widths.

This plugin is based entirely on [ish. from Brad Frost](http://bradfrostweb.com/demo/ish/) - a great standalone tool for previewing your site at random widths. His post does the best job of explaining the reasoning behind ish. (and therefore WP Responsive Preview).

"The real reasons for this tool is to educate and to facilitate a mental shift. Many clients, designers and developers get hung up on specific device widths, which is why this tool doesn’t include any such language, device chrome or anything like that. Ish. helps keep everyone focused on making a design that looks and functions great at any resolution."
