• Resolved CelticParser

    (@celticparser)


    Hi,

    I found some XSS Vulnerabilities in this plugin (v0.5). Please check the following:

    /google-authenticator-per-user-prompt/google-authenticator-per-user-prompt.php:

    Line 148:

    $action_url = add_query_arg( array( 'action' => 'gapup_token' ), wp_login_url( $redirect_to ) );

    and line 149:

    $action_url = add_query_arg( array( 'remember_me' => $remember_me ), $action_url );

    The add_query_arg functions need to be properly escaped by wrapping them with esc_url().

    I’ll thank you in advance for correcting the matter ASAP in the next release.

    -CP

    https://www.ads-software.com/plugins/google-authenticator-per-user-prompt/

Viewing 1 replies (of 1 total)
  • Plugin Author Ian Dunn

    (@iandunn)

    It is being escaped; see views/token_prompt.php line 9. Additionally, $_REQUEST['redirect_to'] is URL-encoded by wp_login_url().

    In the future, if you think you’ve discovered a security issue, please contact me privately, either via HackerOne (where I’ll gladly pay a bounty for valid reports), or via e-mail.

    It is extremely irresponsible to publicly disclose vulnerabilities before the author has had a reasonable chance to release a patch.

  • The topic ‘XSS Vulnerabilities Discovered’ is closed to new replies.