BulletProof Security 0.53.3 Cross Site Scripting
Advisory ID: RO-16-007
Severity: Medium
Vendor: AITpro
Product: BulletProof Security
Version: 0.53.3
Overview
Multiple Cross-site Scripting (XSS) vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3.
Vulnerability Details
Affected Versions: 0.53.3 and earlier
Root Cause: Insufficient input validation on the security log page.
Technical Details
Vulnerable URL: /wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php
Vulnerable Parameter (POST): user-agent-ignore
Attack Pattern:
'"--></style></scRipt><scRipt>alert(0x001E32)</scRipt>
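To show why the attack pattern above is shaped the way it is (it closes an attribute, a comment, a style block and a script block before opening its own script element) and which escaping neutralises it in each context, here is an added Python example; it is not code from the plugin or from the advisory. The form markup, the inline-script rendering and the `ignore` variable are assumptions about how a settings page might echo the parameter; only the probe string is taken from the advisory.

```python
import html
import json
import re

# Probe string quoted in the advisory, embedded here as constructed test input.
PAYLOAD = '\'"--></style></scRipt><scRipt>alert(0x001E32)</scRipt>'

# A closing script tag is what ends a <script> block early and what the probe
# relies on; matched case-insensitively so the mixed-case "scRipt" is caught.
CLOSE_SCRIPT = re.compile(r'</\s*script\b', re.IGNORECASE)

def count_script_closers(markup: str) -> int:
    """Post-render check: number of </script> tags present in the output.
    A template that legitimately emits one script element contributes one."""
    return len(CLOSE_SCRIPT.findall(markup))

def render_form_unsafe(value: str) -> str:
    """Hypothetical settings form that echoes the POST value verbatim into an
    attribute and a textarea: the behaviour class the advisory describes."""
    return (f'<input name="user-agent-ignore" value="{value}">\n'
            f'<textarea name="user-agent-ignore">{value}</textarea>')

def render_form_escaped(value: str) -> str:
    """Same form with HTML entity escaping of < > & ' " (in WordPress this is
    the job of esc_attr() for the attribute and esc_textarea() for the textarea)."""
    safe = html.escape(value, quote=True)
    return (f'<input name="user-agent-ignore" value="{safe}">\n'
            f'<textarea name="user-agent-ignore">{safe}</textarea>')

def render_script_json_only(value: str) -> str:
    """Value embedded in an inline script as a JSON string literal. This common
    'fix' is still wrong: the HTML parser ends the script element at the first
    '</script' it sees, before the JavaScript string is ever decoded."""
    return f'<script>var ignore = {json.dumps(value)};</script>'

def render_script_escaped(value: str) -> str:
    """JSON-encode and additionally turn '</' into '<\\/' (a valid JSON escape),
    so no closing tag can form inside the literal."""
    literal = json.dumps(value).replace('</', '<\\/')
    return f'<script>var ignore = {literal};</script>'

if __name__ == "__main__":
    for fn in (render_form_unsafe, render_form_escaped,
               render_script_json_only, render_script_escaped):
        print(f"{fn.__name__:25s} </script> count: {count_script_closers(fn(PAYLOAD))}")
```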
Exploitation Requirements
Admin authentication required
Victim must interact with the malicious element
Impact
Remote attackers can exploit these vulnerabilities to:
Steal admin session cookies
Perform administrative actions
Bypass security logging features
Solution
Update to the latest version. See BPS Changelog.
References
Invicti Advisory NS-16-003
Timeline:
[2016-03-15] - First Contact
[2016-03-23] - Vendor Fixed
[2016-05-09] - Advisory Released
Credits: Omar Kurt
- Written by: khalil shreateh