22 Feb 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Easy Testimonial Slider

One of the changelog entries for the latest version of Easy Testimonial Slider is “Improve security”. Looking at the changes made in that version, we found a lot of changes that could relate to a vulnerability, so we ran the previous version of the plugin through our Plugin Security Checker tool to see if it would identify possible issues that we could then look into further. Through that we found that at least a reflected cross-site scripting (XSS) vulnerability had been fixed in the new version.


[Read more]

11 Feb 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in NextScripts: Social Networks Auto-Poster

One of the changelog entries for the latest version of NextScripts: Social Networks Auto-Poster is “Bug Fix – [Security] Several security fixes.” Looking at the changes made in that version, we found that part of what that referred to was fixing a reflected cross-site scripting (XSS) vulnerability we disclosed back in November (that plugin was never removed from the Plugin Directory, so the WordPress team knowingly left a vulnerable plugin in the Plugin Directory for several months). We also found that another reflected cross-site scripting (XSS) vulnerability had been fixed as well.


[Read more]

4 Feb 2019

Vulnerability Details: Reflected XSS in WP Support Plus Responsive Ticket System

The changelog for the latest version of WP Support Plus Responsive Ticket System is “Fix : HTML injection security issues fixed”. Looking at the changes made in that version, there were numerous instances where an attempt was made to escape variables, mostly using htmlentities(), which is not really the function that should be used (WordPress provides context-specific escaping functions such as esc_html(), esc_attr() and esc_url() for this). In trying to figure out whether a vulnerability had been fixed (versus a merely precautionary change), we ran the previous version of the plugin through our Plugin Security Checker tool. The results indicated a few places where the escaping had been added to code the tool had flagged as a possible issue. A quick check confirmed those were vulnerable and that the change made to them did not fix the vulnerability.


[Read more]
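The point in the WP Support Plus entry above that htmlentities() is not the right fix can be shown with a small stand-alone script. This is an added example written for this page, not code from the plugin or from the post, and the template strings, request value and link are constructed for the demo. It shows two ways a reflected value that has only been through htmlentities() still ends up in a script context: a single-quoted attribute, where the default flags on PHP before 8.1 (ENT_COMPAT) leave the single quote untouched, and an href, where entity encoding does nothing about a javascript: scheme. The escape_href() function is a minimal stand-in for the scheme check a plugin would normally get from esc_url(); it is an assumption of the example, not WordPress code.

```php
<?php
// Added example, not code from WP Support Plus or the post.
// Demonstrates why htmlentities() by itself is not a fix for reflected XSS.
declare(strict_types=1);

// Escaping as a plugin might apply it: htmlentities() with default flags.
// Before PHP 8.1 the default is ENT_COMPAT, which encodes " but not '.
function escape_default(string $value): string
{
    return htmlentities($value);
}

// Attribute escaping with explicit flags: encodes both quote characters and
// substitutes invalid UTF-8 instead of returning an empty string.
function escape_attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL escaping (stand-in for esc_url(), an assumption of this demo): entity
// encoding cannot neutralise a scheme, so the scheme is checked first.
function escape_href(string $value): string
{
    // Browsers ignore ASCII control characters and spaces around and inside
    // the scheme ("java\tscript:"), so drop them before inspecting it.
    $stripped = preg_replace('/[\x00-\x20\x7f]+/', '', $value) ?? '';
    $scheme   = parse_url($stripped, PHP_URL_SCHEME);
    if ($scheme === false) {
        return ''; // unparseable, refuse it
    }
    if ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https', 'mailto'], true)) {
        return ''; // javascript:, data:, vbscript: ...
    }
    return htmlentities($stripped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the escaped value still contains the delimiter the template wraps
// it in, i.e. the value can close the attribute and start a new one.
function breaks_out(string $escaped, string $delimiter): bool
{
    return strpos($escaped, $delimiter) !== false;
}

// Constructed request value, as it would arrive in $_GET['q'], and a
// constructed template that drops it into a single-quoted attribute.
$payload  = "' onmouseover='alert(document.domain)";
$template = "<input type=\"text\" name=\"q\" value='%s'>";

$default = escape_default($payload);
$quoted  = escape_attr($payload);

echo sprintf($template, $default), PHP_EOL; // PHP < 8.1: a new onmouseover attribute appears
echo sprintf($template, $quoted), PHP_EOL;  // ' becomes &#039;, the value stays inside the attribute

var_dump(breaks_out($default, "'")); // bool(true) on PHP < 8.1, bool(false) on 8.1+
var_dump(breaks_out($quoted, "'"));  // bool(false)

// Second context: a link target. htmlentities() returns this string unchanged,
// on every PHP version, and the browser runs it on click.
$link = 'javascript:alert(document.domain)';
echo sprintf('<a href="%s">back</a>', escape_default($link)), PHP_EOL; // still javascript:
echo sprintf('<a href="%s">back</a>', escape_href($link)), PHP_EOL;    // href=""
```

Run it under PHP 7.x and 8.1 to see the first var_dump flip: on 8.1 the default flags changed to ENT_QUOTES, which is exactly the kind of version-dependent behaviour a plugin should not rely on. The href case does not depend on the version at all, which is why the right escaping function is chosen by output context rather than by what characters an encoder happens to handle.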

28 Jan 2019

Full Disclosure of Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin with 100,000+ Installs

As part of our work to further improve our Plugin Security Checker, an automated tool anyone can use to check whether a WordPress plugin possibly contains security issues, we log the results of checks of plugins in the Plugin Directory and do spot checks of those. Through that we found that the plugin Download Manager, which has 100,000+ active installations according to wordpress.org, contains a reflected cross-site scripting (XSS) vulnerability.

Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are fully disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, so we are releasing this post and then only trying to notify the developer through the WordPress Support Forum. You can notify the developer of this issue on the forum as well. Hopefully the moderators will finally see the light and clean up their act soon, so these full disclosures will no longer be needed (we hope they end soon). You would think they would have already done that since a previously fully disclosed vulnerability was quickly on hackers’ radar, but it appears those moderators have such disdain for the rest of the WordPress community that their continued ability to act inappropriately is more important than what is best for the rest of the community. [Read more]

25 Jan 2019

Reflected Cross-Site Scripting (XSS) Vulnerability in Smart Forms

Earlier today we detailed a failed attempt to fix a reflected cross-site scripting (XSS) vulnerability in the latest version of Smart Forms. When putting together a post detailing a vulnerability discovered by others, we check whether that vulnerability is something that would have been caught by our Plugin Security Checker, an automated tool anyone can use to check whether a WordPress plugin possibly contains security issues, so that we can continue to improve that tool. With this plugin we found that the code the developer attempted to fix was flagged by the tool, and that an additional line of code, which was not changed in the latest version of the plugin, was also flagged. Further checking confirmed that the additional line was also vulnerable.

Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are fully disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, so we are releasing this post and then only trying to notify the developer through the WordPress Support Forum. You can notify the developer of this issue on the forum as well. Hopefully the moderators will finally see the light and clean up their act soon, so these full disclosures will no longer be needed (we hope they end soon). You would think they would have already done that since a previously fully disclosed vulnerability was quickly on hackers’ radar, but it appears those moderators have such disdain for the rest of the WordPress community that their continued ability to act inappropriately is more important than what is best for the rest of the community. [Read more]

25 Jan 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Smart Forms

The changelog for the latest version of the plugin Smart Forms is “Security fix.” Looking at the changes made in that version, we found that one set of changes was labeled “escaping get and post requests”, but one of those changes related to a reflected cross-site scripting (XSS) vulnerability occurring on two consecutive lines of the plugin, where the value was not actually escaped.


[Read more]

16 Jan 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in spam-byebye

Recently a vague report was released about a cross-site scripting vulnerability in the plugin spam-byebye, which was reported to have been discovered by qw3rTyTy. The report indicated that the issue might have been fixed in a version of the plugin subsequent to version 2.2.1. In looking at the changes made in the next version, 2.2.2, we found that a reflected cross-site scripting (XSS) vulnerability had been fixed that had been accessible through the plugin’s admin page.


[Read more]

7 Jan 2019

Our Plugin Security Checker Could Have Warned You About the Possibility of Vulnerabilities in a Couple of WordPress Plugins with 80,000 Installs

On Friday we noted in our post detailing a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Ninja Forms, which has 1+ million active installations according to wordpress.org, that our Plugin Security Checker, a tool that allows anyone to see if there are possible security issues in WordPress plugins that could use further investigation, had been updated to better catch that type of issue, based on variations in that plugin’s code from how things are normally done.

We were also interested in seeing whether other popular plugins might have similarly vulnerable code that had yet to be caught by anyone due to those variations, so we ran the updated check from the Plugin Security Checker over the 1,000 most popular plugins in the WordPress Plugin Directory. What we found was that a number of those plugins look like they might be vulnerable, though most of them did not contain the variations, so our Plugin Security Checker would already have spotted them. [Read more]

4 Jan 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Ninja Forms

Yesterday a new version of the plugin Ninja Forms was released with the changelog entry “Patched a reflected XSS vulnerability in our administrative dashboard. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.” Looking at the changes made in that version, we found that this accurately described the issue being fixed; the page it occurred on is named Dashboard.


[Read more]

14 Dec 2018

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

Yesterday the plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels came onto our radar when it was flagged by our proactive monitoring of changes being made to WordPress plugins, which tries to catch serious vulnerabilities when they are introduced into plugins. While it turned out the plugin was not vulnerable due to what was flagged, we noticed that the plugin had been closed on the Plugin Directory and that general security changes had just been made to it. Since then the plugin has been reopened. There were no obvious major security issues that we saw in glancing over the changes made, so we ran the version of the plugin prior to the changes through our Plugin Security Checker to see if it identified any issues, and it found a reflected cross-site scripting (XSS) vulnerability.


[Read more]