WordPress Persian Woocommerce SMS 3.3.2 XSS
Posted on 26 April 2016
## FULL DISCLOSURE #Product :Persian-woocommerce-sms #Exploit Author : Rahul Pratap Singh #Version :3.3.2 #Home page Link : https://wordpress.org/plugins/persian-woocommerce-sms/ #Website : 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 21/4/2016 XSS Vulnerability: ---------------------------------------- Description: ---------------------------------------- "ps_sms_numbers" parameter is not sanitized that leads to XSS Vulnerability. ---------------------------------------- Vulnerable Code: ---------------------------------------- File Name: testfiles/persian-woocommerce-sms/lib/class.bulk.send.php Found at line:45 value="<?php echo isset($_POST['ps_sms_numbers']) ? $_POST['ps_sms_numbers'] : '' ?>" style="direction:ltr; text-align:left; width:700px; max-width:100% !important"/><br/> ---------------------------------------- Fix: Update to 3.3.4 Vulnerability Disclosure Timeline: → March 14, 2016 – Bug discovered, initial report to Vendor. → March 22, 2016 – No Response. Report sent again. → March 23, 2016 – WordPress Acknowledged. → April 21, 2016 – Full Disclosure. Pub Ref: https://0x62626262.wordpress.com/2016/04/21/persian-woocommerce-sms-xss-vulnerability/ https://wordpress.org/plugins/persian-woocommerce-sms/changelog/