WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)
WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)
Description
Version 12.0.9 and below of the WP Statistics WordPress Plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting (XSS).The 'rangestart'
and 'rangeend'
GET parameter on page wps_referrers_page is output without validated, sanitised or output encoded. This leads to Authenticated Reflected Cross-Site Scripting (XSS), which could allow attackers to compromise a WordPress application by tricking an authenticated administrator user into clicking on a specially crafted link.
Technical Description:
file /includes/log/top-referring.php
line 18-30, the $_GET['rangestart']
and $_GET['rangeend']
in $date_args
variable.
file /includes/log/top-referring.php
line 86, the date_args
variable is output in the PHP echo()
function
Proof of Concept (PoC)
Click on the following link in the Firefox browser:
1 | http://mywordpress.com/wp-admin/admin.php?page=wps_referrers_page&rangeend=123123"><script>alert(1)</script><a a=" |
CVE-2017-10991