12 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Booking Calendar

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

Recently we noted that the security scanner service Detectify seemed to have disclosed a number of unfixed reflected cross-site ...


To read the rest of this post you need to have an active account with our service.

For existing customers, please log in to your account to view the rest of the post.

If you are not currently a customer, when you sign up now you can try the service for half off (there are a lot of other reasons that you will want to sign up beyond access to posts like this one).

If you are a security researcher please contact us to get free access to all of our Vulnerability Details posts.

11 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in My WP Translate

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems ...



06 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Crelly Slider

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

Last Friday we noted that the security scanner service Detectify seemed to have disclosed a number of unfixed reflected cross-site ...



04 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WooCommerce PDF Invoices & Packing Slips

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

On Friday we noted that the security scanner service Detectify seemed to have disclosed a number of unfixed reflected cross-site ...



02 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Google Pagespeed Insights

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

On Friday we noted that the security scanner service Detectify seemed to have disclosed a number of unfixed reflected ...



22 Sep

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in 2kb Amazon Affiliates Store

The changelog entry for version 2.1.1 of the plugin 2kb Amazon Affiliates Store is “Security fix, thanks to Ricardo”. In looking over the changes made in that version we found it was a reflected cross-site scripting (XSS) vulnerability that was fixed. (After we finished up writing this post a report was released from the discoverer of the vulnerability, but it is inaccurate in a ...



31 Aug

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in BackupGuard

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

An advisory released by the JPCERT/CC and IPA states that a reflected cross-site scripting (XSS) vulnerability had been fixed in version ...



26 Jul

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Simple Custom CSS and JS

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

An advisory released by the JPCERT/CC and IPA states that a reflected cross-site scripting (XSS) vulnerability had been fixed in version ...



26 Jul

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Popup Maker

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

An advisory released by the JPCERT/CC and IPA states that a cross-site scripting (XSS) vulnerability had been fixed in version 1.6.5 ...



25 Jul

Reflected Cross-Site Scripting (XSS) Vulnerability in WebLibrarian

Recently a change was made to the plugin WebLibrarian that was supposed to “Fix XSS problem in front end short codes.” After not finding that any report had been put out on this issue, we started looking over things to see if there was in fact a vulnerability, so that we could then prepare a post on it for our customers.

Before we were able to figure out how the issue could be exploited we found that a related vulnerability existed as of the new version.

When a page or post with the shortcode “weblib_itemlist” is visited, the function item_list() is run, which is located in /includes/short_codes.php. Several lines in, the following code ran:

$result = "\n<!-- barcodetable: _REQUEST is ".print_r($_REQUEST,true)." -->\n";

That code will output any GET or POST inputs without them being escaped, which could be exploited for reflected cross-site scripting (XSS).

After notifying the developer of the issue, they resolved it the next day by commenting out the line (it was debug code).
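
The debug line above next to a hardened form, as an added example (this is not WebLibrarian's code; the function names are hypothetical). It uses plain PHP's htmlspecialchars() so that it runs outside of WordPress, and the sample input is the parameter from the proof of concept below.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

// Same pattern as the debug line: request data dumped verbatim into an HTML comment.
function debug_comment_unsafe(array $request): string
{
    return "\n<!-- barcodetable: _REQUEST is " . print_r($request, true) . " -->\n";
}

// Hardened form: emit nothing unless debugging is explicitly enabled, and
// HTML-encode the dump so it cannot contain a comment terminator or a tag.
function debug_comment_safe(array $request, bool $debug_enabled): string
{
    if (!$debug_enabled) {
        return '';
    }
    // Encoding '<' and '>' rules out "-->", "--!>" and any element markup.
    // (Within WordPress, esc_html() performs this encoding.)
    $dump = htmlspecialchars(print_r($request, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "\n<!-- barcodetable: _REQUEST is " . $dump . " -->\n";
}

// True when a "-->" appears before the final one, i.e. the comment was
// closed early and whatever follows is parsed as live markup.
function comment_is_broken(string $html): bool
{
    $first = strpos($html, '-->');
    return $first !== false && $first !== strrpos($html, '-->');
}

// Constructed input: the URL parameter from the proof of concept on this page.
$request = ['xss' => '--><script>alert(document.cookie);</script>'];

var_dump(comment_is_broken(debug_comment_unsafe($request)));      // input closes the comment early
var_dump(comment_is_broken(debug_comment_safe($request, true)));  // input stays inside the comment
var_dump(debug_comment_safe($request, false) === '');             // debug off: nothing is emitted
```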

Proof of Concept

The following proof of concept will cause any available cookies to be shown in an alert box. Major web browsers other than Firefox provide XSS filtering, so this proof of concept will not work in those web browsers.

Visit a post or page that has the “weblib_itemlist” shortcode, add the following URL parameter to the URL, and then visit the resulting URL (add a “?” before it if there are not already any URL parameters):

xss=--><script>alert(document.cookie);</script>

Timeline

  • July 24, 2017 – Developer notified.
  • July 25, 2017 – Version 3.4.8.7 released, which fixes vulnerability.