'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed javascript code which can lead to code execution/administrator actions when the injected code is triggered by an admin user. injected javascript code is triggered on any post page. Affected Versions <= 4.2.4 Vulnerability Scope XSS RCE (http://ift.tt/1GYK2Lr) Authorization Required: None Proof of Concept:
Fix: No Fix Available at The Moment. Timeline: Notified Vendor - No Reply Notified Vendor Again- No Reply Publish Disclosure
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment