[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] WooCommerce WordPress plugin 2.2.10 Reflected XSS

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] WooCommerce WordPress plugin 2.2.10 Reflected XSS
From: Eric Flokstra <e.flokstra@xxxxxxxx>
Date: Thu, 19 Feb 2015 14:48:34 +0100

====================================================
Product: WooCommerce WordPress plugin
Vendor: WooThemes
Tested Version: 2.2.10
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solved in version 2.2.11
Discovered and Provided: Eric Flokstra - ITsec Security Services
====================================================
[-] About the Vendor:

WooCommerce is a popular open source WordPress e-commerce plugin witharound 6.2 million downloads.It is built by WooThemes and designed forsmall to large-sized online merchants.


[-] Advisory Details:

The WooCommerce plugin gives users the ability to see their storesperformance from month to month using graphs and stats. Howeverinsufficient validation on the request retrieving the reports isperformed, enabling remote execution of arbitrary scripting code in thetarget's web browser. This scripting code will be executed within thesecurity context of the WordPress admin panel.


[-] Proof of Concept:

http://example.com/wordpress/wp-admin/admin.php?page=wc-reports&";><script>alert('ITsec')</script<http://example.com/wordpress/wp-admin/admin.php?page=wc-reports&%E2%80%9D%3e%3cscript%3ealert%28%27ITsec%27%29%3c/script>>


[-] Disclosure Timeline:

[28 Jan 2015]: Vendor notification
[29 Jan 2015]: Vulnerability confirmation
[29 Jan 2015]: Vulnerability patched
[19 Feb 2015]: Public disclosure

[-] Solution:

Update to version 2.2.11.

[-] References:

[1] WooCommerce Changelog --https://wordpress.org/plugins/woocommerce/changelog/

[2] Common Vulnerabilities and Exposures (CVE) -- http://cve.mitre.org
[3] Common Weakness Enumeration (CWE) -- http://cwe.mitre.org
[4] ITsec Security Services BV -- http://www.itsec.nl

------------------------------------------------------------------------
ITsec Security Services bv. (KvK. 34181927)

Postal Address:
P.O. Box 5120, 2000GC Haarlem
Visitors Address:       
Kenaupark 23, 2011 MR Haarlem

Phone:                  +31 - (0)23 542 05 78

The information contained in this email communication is confidential and is 
intended solely for the use of the individual or entity to whom it is addressed 
and others authorized to receive it. If you are not the intended recipient, you 
are hereby notified that any disclosure, copying,distribution, or taking any 
action in reliance of the contents of this information is strictly prohibited 
and may be unlawful. No rights may be attached to this message. ITsec does not 
accept any liability for incorrect and incomplete transmission or delayed 
receipt of this e-mail nor for the effects or damages caused by the direct or 
indirect use of the information or functionality provided by this posting, nor 
the content contained within.Use them at your own risk.


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Reflected File Download in AOL Search Website
Next by Date: [FD] Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF
Previous by thread: [FD] Reflected File Download in AOL Search Website
Next by thread: [FD] Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF
Index(es):
- Date
- Thread