WordPress Plugin Vulnerabilities

Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation (WPScanTeam), the cause was found to be test files from the php-mod/curl library, which were missing appropriate response headers before outputting user input. We contacted the vendor of the library, who issued a fix (v2.3.2) within a few hours. In the meantime, the entire WordPress plugins repository was scanned for the affected files, and 4 additional plugins were found to be affected.
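A site owner can run the same kind of check locally. The following is an added example, not WPScan's or the library's code: it walks a plugins directory for the `tests/server/php-curl-test` directory seen in the proof-of-concept URLs and reports the bundled php-mod/curl version against the fixed v2.3.2. It assumes the library was bundled with a Composer `vendor/` layout; the plugin names in the sample tree are constructed.

```python
import json
import re
from pathlib import Path

TEST_DIR = ("tests", "server", "php-curl-test")  # directory seen in the PoC URLs
FIXED = (2, 3, 2)                                # fixed release named in the advisory

def parse_version(text):
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(x) for x in m.groups()) if m else None

def bundled_version(lib_root):
    # Assumption: Composer layout, <vendor>/php-mod/curl beside <vendor>/composer/installed.json
    manifest = lib_root.parent.parent / "composer" / "installed.json"
    try:
        data = json.loads(manifest.read_text())
    except (OSError, ValueError):
        return None
    packages = data.get("packages", []) if isinstance(data, dict) else data  # Composer 2 vs 1
    for pkg in packages:
        if pkg.get("name") == "php-mod/curl":
            return parse_version(pkg.get("version"))
    return None

def scan(plugins_root):
    """Return one finding per plugin copy of the library's test server directory."""
    root, findings = Path(plugins_root), []
    for d in sorted(root.rglob(TEST_DIR[-1])):
        if not d.is_dir() or d.parts[-3:] != TEST_DIR:
            continue
        version = bundled_version(d.parents[2])  # d.parents[2] is the library root
        findings.append({
            "plugin": d.relative_to(root).parts[0],
            "test_files": sorted(p.name for p in d.glob("*.php")),
            "version": version,
            "needs_update": version is None or version < FIXED,  # unknown counts as suspect
        })
    return findings

def build_sample_tree(root):
    # Constructed sample: two hypothetical plugins bundling the library via Composer
    for slug, ver in (("plugin-a", "2.3.1"), ("plugin-b", "v2.3.2")):
        vendor = Path(root) / slug / "vendor"
        tests = vendor.joinpath("php-mod", "curl", *TEST_DIR)
        tests.mkdir(parents=True)
        (tests / "post_multidimensional.php").write_text("<?php // placeholder file\n")
        (vendor / "composer").mkdir()
        (vendor / "composer" / "installed.json").write_text(
            json.dumps({"packages": [{"name": "php-mod/curl", "version": ver}]}))
```

On a real site, call `scan()` on the `wp-content/plugins` directory; a finding with `version` set to `None` means the test files are present but no Composer manifest was found to confirm the release.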

Proof of Concept

https://<lib-location>/tests/server/php-curl-test/post_file_path_upload.php?key=%3cimg%20src%20onerror%3dalert(%27XSS%27)%3e

curl -X POST -i --data '<script>alert(/XSS/)</script>' https://<lib-location>/tests/server/php-curl-test/post_multidimensional.php

Affects Plugins

References

Classification

Type
XSS
CWE

Miscellaneous

Original Researcher
Frank Liauw
Submitter
Frank Liauw
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2021-04-16 (about 3 years ago)
Added
2021-04-16 (about 3 years ago)
Last Updated
2021-04-19 (about 3 years ago)

Other