Home / exploits WordPress Database Sync 0.4 Cross Site Scripting
Posted on 04 August 2015
Title: WordPress 'Database Sync' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Download: - https://wordpress.org/plugins/database-sync/ - https://plugins.svn.wordpress.org/database-sync/ ========================================================== ## Plugin description ========================================================== Sync databases across servers with a single click. ## Vulnerabilities ========================================================== The GET parameter 'url' is printed directly to the page without sanitization making XSS possible. PoC: Log in as admin and visit the following URL: [URL]/wp-admin/tools.php?page=dbs_options&dbs_action=sync&url="><script>alert(1)</script> ## Solution ========================================================== Update to v.0.5. ========================================================== Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.
