Summary
This host is installed with WordPress SS Downloads Plugin and is prone to multiple cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site
Impact Level: Application
Solution
Upgrade Wordpress SS Downloads to version 1.5 or later, For updates refer to http://wordpress.org/plugins/ss-downloads
Insight
Input passed via the 'file', 'title', and 'postid' parameters to emailandname form.php, emailform.php, emailsent.php, register.php, and download.php scripts and 'emails_and_names' and 'ssdshortcode' parameters to ss-downloads.php and 'file' parameter to services/getfile.php script are not properly sanitized before being returned to the user.
Affected
Wordpress SS Downloads Plugin version 1.4.4.1, Other versions may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
- http://packetstormsecurity.com/files/124958
- http://secunia.com/advisories/56532
- http://www.osvdb.com/102501
- http://www.osvdb.com/102502
- http://www.osvdb.com/102503
- http://www.osvdb.com/102504
- http://www.osvdb.com/102538
- http://www.osvdb.com/102539
- https://plugins.trac.wordpress.org/changeset/842702
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure