Title: WordPress 'WP-ViperGB' plugin - CSRF/XSS Version: 1.3.10 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/wp-vipergb/ Notified WordPress: 2014/11/27 ---------------------------------------------------------------- ## Description: ---------------------------------------------------------------- WP-ViperGB is a WordPress plugin designed to replicate the appearance and behavior of the discontinued Viper Guestbook project. It makes it easy to add a stylish and user-friendly guestbook to your blog. ## CSRF: ---------------------------------------------------------------- It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page. ## Stored XSS: ---------------------------------------------------------------- Some settings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields. PoC: Log in as admin to the vulnerable site and press the submit button on this form:







## Solution ---------------------------------------------------------------- Update to version 1.3.11