WP Flash Player 1.3 Cross Site Scripting

WP Flash Player 1.3 Cross Site Scripting

WP Flash Player 1.3 WP Flash Player 1.3 Cross Site Scripting

WP Flash Player 1.3 - Multiple Cross-site Scripting
Advisory ID: RO-15-011
Severity: High
Vendor: WordPress
Product: WP Flash Player
Version: 1.3


Overview #

Multiple Cross-site Scripting (XSS) vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3.


Vulnerability Details #

Affected Versions: 1.3 and earlier

Root Cause: Insufficient input validation in admin panel parameters.

Status: Not fixed by developer
Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=hdflv

Vulnerable Parameters (POST):

plfilter
search

Attack Pattern:

0'"--></style></scRipt><scRipt>alert(0x000862)</scRipt>



Exploitation Requirements #

Admin authentication required
Victim must be logged in as admin

Impact #

Remote attackers can exploit these vulnerabilities to:

Steal admin session cookies
Perform administrative actions
Compromise the WordPress installation



Solution #

The vulnerabilities have not been fixed by the developer. Consider using an alternative plugin.


References #

Invicti Advisory NS-15-009

Timeline:

[2015-03-17] - First Contact
[2015-06-01] - Second Contact
[2015-06-30] - Third Contact
[2015-07-15] - Advisory Released

Credits: Omar Kurt