WordPress Simple Slider Plugin Cross-Site Scripting Vulnerabilities

Summary

WordPress Simple Slider Plugin is prone to a cross-site scripting Vulnerability.

Credit:

The information has been provided by Aditya Balapure.


Details

Vulnerable Systems:
 * WordPress Simple Slider Plugin

Simple Slider Plugin for WordPress allows creation and management of simple image slideshows.

XSS location

The simple Slider Plugin in WordPress http://wordpress.org/extend/plugins/simple-slider/ has a Reflective XSS
vulnerability in the New Image URL field.

Script Used-
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//– </SCRIPT>’>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Disclosure Timeline:
21/11/2012 to: -The vendor was notified and an updated version was released by the vendor.

Categories: News