XSS Vulnerability in Uploader (plugin for WordPress) version 1.0.4

Dognædis Ref.: DGS-SEC-16

CVE Ref: CVE-2013-2287

Release Date: 2013/03/01

Discover Credits: CodeV - Code Analyzer

Bulletin Author(s): RMBR - CodeV Team

Contact: [email protected]

Type: Cross Site Scripting

Level: High (Low/High/Critical)

CVSS: 4.9 (Av:N/AC:L/Au:S/C:C/I:P/A:N)

Vulnerable Application: Uploader plugin for WordPress (1.0.4)

Uploader creates an Uploader role for file uploading.


File: /wp-content/plugins/uploader/views/notify.php

Vulnerable Argument(s): $_GET['notify'] $_GET['blog']

line 26: echo $output;

Proof(s) of Concept:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

Generally, exploiting this kind of vulnerability can open the way to various kinds of attacks, such as:
- Session/Cookie theft
- Account Hijacking
- Identity theft
- Accessing confidential resources
- Accessing pay content
- Account Denial of service

To correctly resolve the identified vulnerability, the data that reaches $output from the input arguments should be properly sanitized for HTML and for any subsequent ECMAScript usage.
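
The remediation above as an added, standalone PHP example (not the plugin's code and not part of the original bulletin): each request value is validated, then encoded for the context it is written into, HTML or ECMAScript. It assumes `blog` is a numeric ID and `notify` is free text; the function names and the markup are hypothetical.

```php
<?php
// Added example: context-aware output encoding for request parameters.
// The handler shape, the meaning of 'notify' and 'blog', and all function
// names below are assumptions; this is not the plugin's code.

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode untrusted text as a JavaScript literal safe inside <script>. */
function encode_for_js(string $value): string
{
    // JSON_HEX_* escapes <, >, &, ' and " so the literal cannot close the
    // script element or break out of a quoted attribute.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json  = json_encode($value, $flags | JSON_INVALID_UTF8_SUBSTITUTE);
    return $json === false ? '""' : $json;
}

/** Build the notification markup from raw query parameters. */
function render_notice(array $query): string
{
    // Assumption: 'blog' is a numeric ID, so accept positive integers only.
    $blog = filter_var($query['blog'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($blog === false) {
        return '<p class="error">Invalid blog id.</p>';
    }
    // Assumption: 'notify' is free text; array input (?notify[]=x) is dropped.
    $notify = is_string($query['notify'] ?? null) ? $query['notify'] : '';

    $output  = '<div class="notice" data-blog="' . $blog . '">';
    $output .= '<p>' . encode_for_html($notify) . '</p>';
    $output .= '<script>var uploaderNotice = ' . encode_for_js($notify) . ';</script>';
    $output .= '</div>';
    return $output;
}

// Constructed sample input containing markup and quote characters.
$sample = ['blog' => '7', 'notify' => '<b>"done" & \'saved\'</b>'];
echo render_notice($sample), PHP_EOL;
// Constructed sample with a non-numeric 'blog' value, which is rejected.
echo render_notice(['blog' => '7 OR 1', 'notify' => 'ok']), PHP_EOL;
```

Inside WordPress, esc_html(), esc_attr() and wp_json_encode() fill the same roles as the two encoding helpers here.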

Official Solution:
At the moment, there is no official solution for the reported vulnerabilities.

External References:

