Less critical

Wordpress church_admin Plugin GET Cross-Site Scripting Vulnerability


Release Date:  2012-07-06    Last Update:  2012-07-09    Views:  1,597

Secunia Advisory SA49827


Description


Sammy Forgit has discovered a vulnerability in the church_admin plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.



Subject: Wordpress church_admin Plugin GET Cross-Site Scripting Vulnerability

andymoyle RE: Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability
Member 8th Jul, 2012 08:44
Last edited on 8th Jul, 2012 08:45
That file just contained print_r($_GET); and was used in initial testing - no danger to anyone! No cross scripting vulnerability either - it didn't do anything.
It was not called from anywhere in the plugin and has now been removed from svn wordpress.org repository.
andymoyle RE: Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability
Member 8th Jul, 2012 16:53
The vulnerable file /wp-content/plugins/church-admin/includes/validate.php has been removed from v0.4.3 - it was redundant.
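The replies above describe a leftover test file that contained `print_r($_GET);` and was not included by any other plugin code. As an added example (not part of the advisory, the thread or the plugin), the Python sketch below flags PHP lines that print a request superglobal without HTML-encoding and records whether the file carries WordPress's `defined('ABSPATH')` direct-access guard. The function names and the sample file contents are constructed for illustration, and the check is a line-based heuristic rather than a PHP parser.

```python
import re

SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
# PHP constructs that write their argument into the response body as-is.
SINK = re.compile(r"\b(print_r|var_dump|printf|print|echo)\b[^;]*" + SUPERGLOBAL)
# Wrappers that HTML-encode the value or force it to an integer before output.
ENCODER = re.compile(r"\b(?:htmlspecialchars|htmlentities|esc_html|esc_attr|intval|absint)\s*\(")
# print_r($x, true) returns the dump as a string instead of printing it.
RETURN_MODE = re.compile(r"\bprint_r\s*\([^;]*,\s*true\s*\)", re.I)
# WordPress convention that stops a file from running when requested directly by URL.
ABSPATH_GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")

def scan_php(source):
    """Return (line_no, sink, code) for lines that print a request superglobal unencoded."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):  # skip comment lines
            continue
        match = SINK.search(code)
        if not match or ENCODER.search(code):
            continue
        if match.group(1) == "print_r" and RETURN_MODE.search(code):
            continue  # value is captured, not sent to the browser
        findings.append((line_no, match.group(1), code))
    return findings

def audit_plugin(files):
    """files maps relative path -> PHP source; returns one record per finding."""
    report = []
    for path, source in sorted(files.items()):
        guarded = bool(ABSPATH_GUARD.search(source))
        for line_no, sink, _code in scan_php(source):
            report.append({"file": path, "line": line_no,
                           "sink": sink, "abspath_guard": guarded})
    return report

# Constructed sample input; validate.php mirrors the one-line file described in the thread.
SAMPLE_PLUGIN = {
    "includes/validate.php": "<?php\nprint_r($_GET);\n",
    "includes/display.php": "<?php\nif (!defined('ABSPATH')) exit;\n"
                            "echo esc_html($_GET['id']);\n$dump = print_r($_POST, true);\n",
    "includes/debug_guarded.php": "<?php\nif (!defined('ABSPATH')) exit;\nvar_dump($_REQUEST);\n",
}

if __name__ == "__main__":
    for finding in audit_plugin(SAMPLE_PLUGIN):
        print(finding)
```

A finding with `abspath_guard` set to `False` is the case to prioritise: the file executes when its URL is requested, whether or not any other plugin code includes it.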
