WordPress Symposium Pro Social Network plugin version 16.1 suffers from a cross site scripting vulnerability.
6a2d0425b1719d1186fb0e34fa724654e3fda7953b4c25a65931591a9dc7cf00##FULL DISCLOSURE
#Product : WP Symposium Pro Social Network plugin
#Exploit Author : Rahul Pratap Singh
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Website : 0x62626262.wordpress.com
#Twitter : @0x62626262
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 12/Jan/2016
XSS Vulnerability:
Description:
“user_id” parameter is not sanitized, that leads to reflected xss.
POC:
https://0x62626262.files.wordpress.com/2016/01/wpsymposiumpro16_1xsspoc.png
Fix:
Update to version 16.01.01
Disclosure Timeline:
reported to vendor : 12/1/2016
vendor response : 12/1/2016
vendor acknowledged : 12/1/2016
vendor deployed a patch: 12/1/2016
Pub Ref:
http://www.wpsymposiumpro.com/wp-symposium-pro-16-01-01-security-release/
https://wordpress.org/plugins/wp-symposium-pro/
https://0x62626262.wordpress.com/2016/01/12/wp-symposium-pro-social-network-plugin-xss-vulnerability/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed