XSS

GD bbPress Attachments 2.5 – Authenticated stored XSS

INFO
Product: GD bbPress Attachments
Version: 2.5
Active installations: 10,000+
Product page: https://it.wordpress.org/plugins/gd-bbpress-attachments/

DESCRIPTION
An authenticated user of a bbPress forum who can attach a file can inject arbitrary JavaScript code via the filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker. The variable $error['file'] in /code/attachments/front.php (line 349) is not

My Calendar 2.5.16 – Authenticated stored XSS

INFO
Product: My Calendar
Version: 2.5.16
Active installations: 30,000+
Product page: https://it.wordpress.org/plugins/my-calendar/

DESCRIPTION
An authenticated user who can add new events can inject arbitrary JavaScript code via the event_time_label input. The arbitrary code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized.

PROOF OF CONCEPT
My Calendar 2.5.16 is

WP Live Chat Support 8.0.05 – Stored XSS

INFO
Product: WP Live Chat Support
Version: 8.0.05
Active installations: 50,000+
Product page: https://wordpress.org/plugins/wp-live-chat-support/
CVE: 2018-9864

1. DESCRIPTION
An unauthenticated user could inject arbitrary JavaScript code into the admin panel by using the text field "Name" of WP Live Chat Support. Using a single input point, it was possible to inject JavaScript code into two different output points