WordPress Newsletter 3.2.6 Vulnerable to XSS


WordPress Newsletter plugin version 3.2.6 is vulnerable to Cross-Site Scripting (XSS).

This is a very popular newsletter plugin for WordPress, which already has 605,780+ downloads. The vulnerability was found by Gjoko Krstic.

The vulnerability has already been reported and fixed in the new version.

According to the researcher who found the vulnerability:

 The plugin suffers from an XSS issue due to a failure to properly
sanitize user-supplied input to the 'alert' GET parameter in the 'page.php'
script. Attackers can exploit this weakness to execute arbitrary HTML
and script code in a user's browser session.

The problem is in "/subscription/page.php", lines 70-74:

<?php if (!empty($alert)) { ?>
<script>
alert("<?php echo addslashes($alert); ?>");
</script>
<?php } ?>

The proof-of-concept link looks like this:
 http://vuln-site.com/wp-content/plugins/newsletter/subscription/page.php?alert=</script><script>alert(/XSS/);</script>
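
Why addslashes() does not help here, as an added example (not the plugin's code and not its actual fix): the HTML parser ends the script element at the first "</script>" before any JavaScript string parsing happens, and addslashes() leaves that sequence untouched. The function names are hypothetical, and the sample input is the alert value from the link above.

```php
<?php
// Added example: not the plugin's code or its actual patch.

// Mirrors the pattern from page.php. addslashes() escapes only quotes,
// backslashes and NUL, so "</script>" passes through unchanged.
function render_alert_vulnerable(string $alert): string
{
    if ($alert === '') {
        return '';
    }
    return '<script>alert("' . addslashes($alert) . '");</script>';
}

// Hardened form: json_encode() emits a complete JS string literal, and the
// JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the value
// can close neither the <script> element nor the string.
function render_alert_hardened(string $alert): string
{
    if ($alert === '') {
        return '';
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $literal = json_encode($alert, $flags);
    if ($literal === false) { // encoding failed, e.g. invalid UTF-8
        return '';
    }
    return '<script>alert(' . $literal . ');</script>';
}

// Constructed sample input: the alert value from the link shown above.
$sample = '</script><script>alert(/XSS/);</script>';

$renderers = [
    'vulnerable' => 'render_alert_vulnerable',
    'hardened'   => 'render_alert_hardened',
];
foreach ($renderers as $name => $fn) {
    $html = $fn($sample);
    // Number of script end tags the HTML parser would see in the output.
    $closers = preg_match_all('~</script~i', $html);
    printf("%-10s end-tags=%d\n%s\n\n", $name, $closers, $html);
}
```

More than one end tag in the output means the supplied value escaped the script block; the hardened renderer leaves only the template's own closing tag.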

Exploit information: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php


Solution: Update the plugin to the latest version. The problem has already been fixed.

Plugin page: http://wordpress.org/extend/plugins/newsletter/
