WordPress WP App Maker Plugin '/asset-studio/icons-launcher.php' Cross Site Scripting Vulnerability
| Bugtraq ID: | 69510 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-4578 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2014 12:00AM |
| Updated: | Jan 17 2014 12:00AM |
| Credit: | Anant Shrivastava |
| Vulnerable: | Wp App Maker Project Wp App Maker 1.0.16.4 |
| Not Vulnerable: | |
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URI is available:
http://www.example.com/wp-content/plugins/wp-app-maker/asset-studio/icons-launcher.php?uid=[xss]
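A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the affected script whose `uid` value is not a plain token. The allowed `uid` format, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter named in the advisory.
VULN_PATH = "/wp-content/plugins/wp-app-maker/asset-studio/icons-launcher.php"
PARAM = "uid"
# Assumption: a legitimate uid is a short token of letters, digits, '-' and '_'.
SAFE_UID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Client, request target and status of a combined-format access log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_uid_requests(log_lines):
    """Return (client, status, decoded uid) for requests to the affected
    script whose uid value falls outside the expected token format."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if unquote(url.path) != VULN_PATH:
            continue
        # parse_qs decodes once; fully_decode handles nested encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            uid = fully_decode(raw)
            if not SAFE_UID.fullmatch(uid):
                hits.append((client, int(status), uid))
    return hits

# Constructed sample log lines (documentation IP ranges, harmless markup).
TS = '- - [17/Jan/2014:10:00:01 +0000]'
SAMPLE_LOG = [
    f'203.0.113.7 {TS} "GET {VULN_PATH}?uid=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 512',
    f'192.0.2.10 {TS} "GET {VULN_PATH}?uid=abc123 HTTP/1.1" 200 498',
    f'198.51.100.9 {TS} "GET {VULN_PATH}?uid=%253Cb%253Ex HTTP/1.1" 200 505',
    f'192.0.2.44 {TS} "GET /index.php?uid=%3Cb%3E HTTP/1.1" 200 1024',
]
```

A hit with a 200 status only shows the request reached the script; whether the value was reflected unescaped has to be confirmed against the response or the plugin code.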