exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS
Posted Sep 17, 2014
Authored by Tom Adams

WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 53f460ac91c7d419b8bcb368ddda31921d0dbe302556c55c904f552f999c5396

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

Change Mirror Download
Details
================
Software: Login Widget With Shortcode
Version: 3.1.1
Homepage: http://wordpress.org/plugins/login-sidebar-widget/
Advisory report: https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)

Description
================
CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do

Vulnerability
================
This plugin is vulnerable to a combination CSRF/XSS attack. An attacker able to convince an admin to visit a link of their choosing is able to insert arbitrary HTML into an admin page.  Using that ability they can use JavaScript to control an admin user’s browser, allowing the attacker to create user accounts, create posts, delete all posts, etc.

Proof of concept
================
If a logged-in administrator user clicks the submit button on this form, a javascript alert will display in the admin screens. (In a real attack the form can be made to auto-submit using Javascript).
<form method=\"POST\" action=\"http://localhost/wp-admin/options-general.php?page=login_widget_afo\">
<input type=\"text\" name=\"custom_style_afo\" value=\"</textarea><script>alert(1)</script>\">
<input type=\"text\" name=\"option\" value=\"login_widget_afo_save_settings\">
<input type=\"submit\">
</form>

Mitigations
================
Upgrade to version 3.2.1 or later.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report with 14 days.

Timeline
================

2014-08-26: Discovered
2014-09-15: Reported to vendor by email
2014-09-15: Vendor reported the issue fixed and a new version released
2014-09-17: Published



Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.




Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close