BugTraq
WordPress User Submitted Posts Plugin [Persistent XSS] Feb 24 2016 08:21PM
Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: WordPress User Submitted Posts Plugin [Persistent XSS]
* Discovery Date: 2016-02-10
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: https://plugin-planet.com/
* Software Link: https://wordpress.org/plugins/user-submitted-posts/
* Version: 20151113
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress

Description
-----------

_User Submitted Posts_ plugin for WordPress suffers from a XSS
vulnerability. The `user-submitted-content` field of the new post
submission form is not properly sanitized, thus allowing users to
include JS code to submitted post content.

Normally only users with `unfiltered_html` capability are allowed to
include JS code to post content. By default Administrators or Super
Administrators have this capability, so this is considered as Persistent
XSS vulnerability.

PoC
---

1. Submit the form inserting JS code to post content
2. View the newly created post
3. JS code is executed

Solution
--------

Upgrade to v20160215

Timeline
--------

1. **2016-02-10**: Vendor notified via contact form at his website
2. **2016-02-10**: Vendor responded and received details about the issue
3. **2016-02-14**: Vendor released version 20160215

User Submitted Posts [Persistent XSS].md

* Exploit Title: User Submitted Posts [Persistent XSS]
* Discovery Date: 2016-02-10
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: https://plugin-planet.com/
* Software Link: https://wordpress.org/plugins/user-submitted-posts/
* Version: 20151113
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress

Description
-----------

_User Submitted Posts_ plugin for WordPress suffers from a XSS
vulnerability. The `user-submitted-content` field of the new post
submission form is not properly sanitized, thus allowing users to
include JS code to submitted post content.

Normally only users with `unfiltered_html` capability are allowed to
include JS code to post content. By default Administrators or Super
Administrators have this capability, so this is considered as Persistent
XSS vulnerability.

PoC
---

1. Submit the form inserting JS code to post content
2. View the newly created post
3. JS code is executed

Solution
--------

Upgrade to v20160215

Timeline
--------

1. **2016-02-10**: Vendor notified via contact form at his website
2. **2016-02-10**: Vendor responded and received details about the issue
3. **2016-02-14**: Vendor released version 20160215

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus