oss-sec mailing list archives

CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability


From: Rahul Pratap Singh <techno.rps () gmail com>
Date: Tue, 12 Jan 2016 21:02:42 +0530

##FULL DISCLOSURE

#Product : WP Symposium Pro Social Network plugin
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Date : 12/Jan/2016

XSS Vulnerability:

Description:

The “user_id” parameter is not sanitized, which leads to reflected XSS.

POC:

https://0x62626262.files.wordpress.com/2016/01/wpsymposiumpro16_1xsspoc.png

Fix:
Update to version 16.01.01
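The advisory does not show the affected code or where the plugin reflects the "user_id" value, so the following is an added illustration of the bug class and its remedy, not code from WP Symposium Pro or from the author of this post. The shortcode handler, function names and text domain are hypothetical; the WordPress API calls (absint, wp_unslash, get_userdata, add_query_arg, esc_url, esc_html) are real core functions.

```php
<?php
// Added example, not code from WP Symposium Pro. A hypothetical shortcode
// handler that reflects a "user_id" request parameter into the page, first in
// the unsafe form and then with validation and output escaping applied.

// Vulnerable pattern: the raw query parameter is echoed into HTML text and into
// an attribute without validation or escaping, so any markup in it is rendered.
function example_profile_link_vulnerable() {
    $user_id = isset( $_GET['user_id'] ) ? $_GET['user_id'] : '';
    return '<a href="?user_id=' . $user_id . '">Profile of user ' . $user_id . '</a>';
}

// Hardened pattern: coerce the value to the type it must be (a positive
// integer user ID), reject values that do not name a real user, and escape
// at the point of output for the context (URL attribute, HTML text).
function example_profile_link_hardened() {
    $user_id = isset( $_GET['user_id'] ) ? absint( wp_unslash( $_GET['user_id'] ) ) : 0;
    if ( 0 === $user_id || ! get_userdata( $user_id ) ) {
        return esc_html__( 'No such user.', 'example-textdomain' );
    }
    $url = add_query_arg( 'user_id', $user_id, get_permalink() );
    return sprintf(
        '<a href="%s">%s</a>',
        esc_url( $url ),
        esc_html( sprintf( 'Profile of user %d', $user_id ) )
    );
}

// Only the hardened handler is registered; the vulnerable one is kept for comparison.
add_shortcode( 'example_profile_link', 'example_profile_link_hardened' );
```

Because absint() reduces the input to an integer, the later esc_url()/esc_html() calls are defence in depth rather than the sole control; keeping both means a future change that accepts a string ID does not silently reopen the reflection.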

Disclosure Timeline:

reported to vendor : 12/1/2016
vendor response : 12/1/2016
vendor acknowledged : 12/1/2016
vendor deployed a patch: 12/1/2016

Pub Ref:
http://www.wpsymposiumpro.com/wp-symposium-pro-16-01-01-security-release/
https://wordpress.org/plugins/wp-symposium-pro/
https://0x62626262.wordpress.com/2016/01/12/wp-symposium-pro-social-network-plugin-xss-vulnerability
