WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)

WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)

WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)

Description

Version 12.0.9 and below of the WP Statistics WordPress Plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting (XSS).The 'rangestart' and 'rangeend' GET parameter on page wps_referrers_page is output without validated, sanitised or output encoded. This leads to Authenticated Reflected Cross-Site Scripting (XSS), which could allow attackers to compromise a WordPress application by tricking an authenticated administrator user into clicking on a specially crafted link.

Technical Description:

file /includes/log/top-referring.php line 18-30, the $_GET['rangestart'] and $_GET['rangeend'] in $date_args variable.

file /includes/log/top-referring.php line 86, the date_args variable is output in the PHP echo() function

Proof of Concept (PoC)

Click on the following link in the Firefox browser:

1
http://mywordpress.com/wp-admin/admin.php?page=wps_referrers_page&rangeend=123123"><script>alert(1)</script><a a="

CVE-2017-10991

image.png-80kB

文章目录
  1. 1. WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)
  2. 2. Description
  3. 3. Technical Description:
  4. 4. Proof of Concept (PoC)