WordPress Altos Connect Widget plugin version 1.3.0 suffers from a cross-site scripting vulnerability.
1d8ffc60fca3c3964e7b9a3083c9c819960a816aa537a348452e0471c5cb4b2d
Title: WordPress 'Altos Connect Widget' Plugin
Version: 1.3.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-15
Download:
- https://wordpress.org/plugins/altos-connect/
- https://plugins.svn.wordpress.org/altos-connect/
Notified WordPress: 2015-06-21
==========================================================
## Plugin description
==========================================================
Description: Altos Connect registration widget for WordPress®. The Altos Connect plugin can be us
## XSS vulnerability
==========================================================
The value of $_SERVER['PHP_SELF'] is printed without sanitization in a captcha demo page shipped with the bundled jquery-validate library (the demo directory is not removed when the plugin is installed). Because PHP_SELF includes any path suffix appended after the script name, the vulnerability can be exploited with a direct link to the vulnerable file.
PoC:
[URL]/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"><script>alert(1)</script>
This appears to be fixed in the newest version of jquery-validate, but the copy bundled with this plugin has not been updated.
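The pattern behind this finding, and two ways to harden it, as an added example. This is not code from the Altos Connect plugin or from the jquery-validate demo; the vulnerable function is a hypothetical reconstruction of the reflection pattern the advisory describes, and the request values in the CLI section are constructed to mirror the PoC path suffix.

```php
<?php
// Added example, not part of the advisory or the plugin's source.
// Shows why echoing $_SERVER['PHP_SELF'] into HTML is reflected XSS and
// how to fix it.

// Vulnerable pattern (hypothetical reconstruction of a demo form).
// PHP_SELF = SCRIPT_NAME + PATH_INFO, so any suffix a client appends after
// index.php is copied verbatim into the attribute, closing it early.
function vulnerable_form_action(): string
{
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
}

// Hardened: do not use PHP_SELF at all. SCRIPT_NAME carries only the script
// path (no PATH_INFO), and the value is still escaped for the attribute
// context in case the server populates it unexpectedly.
function hardened_form_action(): string
{
    $script = $_SERVER['SCRIPT_NAME'] ?? '';
    return '<form method="post" action="'
        . htmlspecialchars($script, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '">';
}

// Minimal fix when the full request path must be preserved: escape it.
// ENT_QUOTES is required so that a double quote cannot terminate the attribute.
function escaped_php_self(): string
{
    return htmlspecialchars($_SERVER['PHP_SELF'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// CLI demonstration with constructed request values.
if (PHP_SAPI === 'cli') {
    $_SERVER['SCRIPT_NAME'] = '/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php';
    // Constructed PATH_INFO suffix, matching the advisory's PoC.
    $_SERVER['PHP_SELF']    = $_SERVER['SCRIPT_NAME'] . '/"><script>alert(1)</script>';

    echo "vulnerable: " . vulnerable_form_action() . PHP_EOL;
    echo "hardened:   " . hardened_form_action() . PHP_EOL;
    echo "escaped:    " . escaped_php_self() . PHP_EOL;
}
```

Run with `php example.php` to see the raw tag break out of the attribute in the vulnerable output, while the hardened variant emits only the script path and the escaped variant renders the suffix as inert `&quot;&gt;&lt;script&gt;...`. Until the plugin ships an updated jquery-validate, the practical mitigation is to delete the bundled jquery-validate/demo directory from the installed plugin, since nothing in production needs it.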
## Solution
==========================================================
No fix available
==========================================================
Vulnerability found using Eir, an early-stage static vulnerability scanner for PHP applications.