Subject: Persistent Cross-Site Scripting (XSS) in "Post video players, slideshow albums, photo galleries and music / podcast playlist" 1.136
Date: Tue, 25 Aug 2015 12:02:43 +0200Hello,
1. Persistent Cross-Site Scripting (XSS)
Authenticated users (like editors) can store html/js code in plugin configuration values (there is no CSRF protection!).
Method: POST
Vulnerable parameters: cincopaafc
Example PHP callstack:
_cpmp_mt_options_page [/video-playlist-and-gallery-plugin/wp-media-cincopa.php:655]
Verification:
--
<input type="text" name="cincopaafc" value='"><img src=x onerror=alert(1) />' />
<input type="submit" name="submit" />
</form>
--
--
Regards,
Marcin Probola,