WordPress Symposium Pro Social Network 16.1 Cross Site Scripting
Posted on 13 January 2016
##FULL DISCLOSURE

#Product : WP Symposium Pro Social Network plugin
#Exploit Author : Rahul Pratap Singh
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Website : 0x62626262.wordpress.com
#Twitter : @0x62626262
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 12/Jan/2016

XSS Vulnerability:

Description:
The “user_id” parameter is not sanitized, which leads to reflected XSS.

POC:
https://0x62626262.files.wordpress.com/2016/01/wpsymposiumpro16_1xsspoc.png

Fix:
Update to version 16.01.01

Disclosure Timeline:
reported to vendor : 12/1/2016
vendor response : 12/1/2016
vendor acknowledged : 12/1/2016
vendor deployed a patch: 12/1/2016

Pub Ref:
http://www.wpsymposiumpro.com/wp-symposium-pro-16-01-01-security-release/
https://wordpress.org/plugins/wp-symposium-pro/
https://0x62626262.wordpress.com/2016/01/12/wp-symposium-pro-social-network-plugin-xss-vulnerability/
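
For triage on sites that ran version 16.1 before updating, the following added example (not part of the original advisory or the plugin's code) scans access-log lines for `user_id` values that are not plain integers. It assumes combined-format logs and that a legitimate `user_id` is numeric; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines; addresses, paths and values are illustrative only.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2016:10:01:02 +0000] "GET /profile/?user_id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jan/2016:10:03:44 +0000] "GET /profile/?user_id=42%22%3E%3Cb%3Ex HTTP/1.1" 200 5188',
    '203.0.113.9 - - [12/Jan/2016:10:04:10 +0000] "GET /profile/?user_id=%2534%2532%253Cb HTTP/1.1" 200 5190',
    '198.51.100.7 - - [12/Jan/2016:10:05:00 +0000] "GET /about/?page=2 HTTP/1.1" 200 900',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_user_ids(lines, param="user_id"):
    """Return (line_number, decoded_value) for each non-numeric value of `param`."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        query = urlsplit(match.group("target")).query
        # parse_qsl decodes one layer; fully_decode handles any further layers.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name != param:
                continue
            decoded = fully_decode(value)
            # Assumption: a legitimate user_id is an ASCII integer.
            if not (decoded.isascii() and decoded.isdigit()):
                hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_user_ids(SAMPLE_LOG):
        print(f"line {number}: user_id={value!r}")
```

A hit only shows that a request carried a non-numeric `user_id`; whether it was reflected depends on the plugin version installed at the time of the request.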