WordPress Altos Connect Widget 1.3.0 Cross Site Scripting
Posted on 04 August 2015
Title: WordPress 'Altos Connect Widget' Plugin Version: 1.3.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/altos-connect/ - https://plugins.svn.wordpress.org/altos-connect/ Notified WordPress: 2015-06-21 ========================================================== ## Plugin description ========================================================== Description: Altos Connect registration widget for WordPress®. Altos Connect registration widget for WordPress®. The Altos Connect plugin can be us ## XSS vulnerability ========================================================== The _SERVER variable 'PHP_SELF' is printed without sanitization in a captcha demo page (which is not removed when installing). This can be exploited with a direct link to the vulnerable file. PoC: [URL]/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"><script>alert(1)</script> It seems like this is fixed in the newest version of jquery-validate, but this plugin has not been patched. ## Solution ========================================================== No fix available ========================================================== Vulnerability found using Eir; an early stage static vulnerability scanner for PHP applications.