what you don't know can hurt you

WordPress Register Plus Redux Cross Site Scripting

WordPress Register Plus Redux Cross Site Scripting
Posted Mar 30, 2012
Authored by MustLive

Register Plus Redux version 3.7.2 for WordPress appears to suffer from additional cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 49fa719d70180fa4885be4356e056787

WordPress Register Plus Redux Cross Site Scripting

Change Mirror Download
Hello list!

I want to warn you new about security vulnerabilities in Register Plus Redux
for WordPress.

These are Cross-Site Scripting vulnerabilities. After finding and fixing of
36 vulnerabilities in plugin Register Plus Redux in the end of previous
year, I've released my version of the plugin with fixed vulnerabilities of
original plugin. And recently during security audit of web site, on which
Register Plus Redux was using, I've found two new XSS vulnerabilities in
this plugin (which also take place on forks of this plugin).

-------------------------
Affected products:
-------------------------

Affected functionality appeared in Register Plus Redux potentially from
version 3.7.2.

Vulnerable are original Register Plus Redux and all plugins based on it.
Particularly vulnerable are Register Plus Redux 3.7.2 and next versions, my
versions Register Plus Redux 3.8 - 3.8.3, Register Plus Redux Auto Login
3.8.1 and previous versions.

At 25.03.2012 I've fixed these vulnerabilities in my version Register Plus
Redux 3.8.4.

----------
Details:
----------

XSS (WASC-08):

At page http://site/wp-login.php?action=register in parameters user_login
and user_email.

http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-1.html

http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-2.html

These vulnerabilities are concerned with variable-width-encoding (with using
of this technique it's possible to bypass protection filters). These
exploits are for IE6, for other browsers other characters need to be used
(this attack is possible in old browsers).

------------
Timeline:
------------

2012.03.25 - found these vulnerabilities in the plugin.
2012.03.25 - fixed these vulnerabilities in my version of the plugin
(Register Plus Redux 3.8.4).
2012.03.26-27 - informed users of my plugin and supplied them with new
version.
2012.03.27 - disclosed at my site.
2012.03.28 - informed developer of original plugin.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/5745/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close