WordPress Database Sync plugin version 0.4 suffers from a cross site scripting vulnerability.
1606060f1785c9b661330db33c18c66a6b5382636fa7ace012ad470838fddab6
Title: WordPress 'Database Sync' Plugin
Version: 0.4
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Download:
- https://wordpress.org/plugins/database-sync/
- https://plugins.svn.wordpress.org/database-sync/
==========================================================
## Plugin description
==========================================================
Sync databases across servers with a single click.
## Vulnerabilities
==========================================================
The GET parameter 'url' is printed directly to the page without sanitization making XSS possible.
PoC:
Log in as admin and visit the following URL:
[URL]/wp-admin/tools.php?page=dbs_options&dbs_action=sync&url="><script>alert(1)</script>
## Solution
==========================================================
Update to v.0.5.
==========================================================
Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.