WordPress Plugin Vulnerabilities

WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)

Description

It is possible to modify a POST request to overwrite user meta including 'wp_capabilities' and 'wp_user_level' which results in a privilege escalation vulnerability.

User input is not sanitised or escaped on output resulting in a stored XSS vulnerability.

Timeline:

2016-09-12: Vulnerability found
2016-09-12: Reported to vendor
2016-09-12: Vendor responded
2016-09-14: Vendor released a fixed version (0.2.2)
2016-09-14: Public disclosure

Proof of Concept

Affects Plugins

Plugin icon
wp-front-end-profile
Fixed in 0.2.2

References

CVE
CVE-2019-15110
CVE
CVE-2019-15111
URL
https://plugins.trac.wordpress.org/changeset/1495896/wp-front-end-profile

Miscellaneous

Submitter
Phil Wylie
Submitter website
https://www.philwylie.co.uk/
Submitter twitter
mustardbees
Verified
No
WPVDB ID
cb80f049-0433-44a0-9f9c-35a6e8da820e

Timeline

Publicly Published
2016-09-14 (about 9 years ago)
Added
2016-09-15 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-09-30
Title
Theme Editor < 2.2 - Multiple Vulnerabilities
Published
2019-07-04
Title
Ocean Extra <= 1.5.8 - Unauthenticated Settings change and CSS injection
Published
2014-08-01
Title
Spider Calendar 1.3.0 - Multiple Vulnerabilities
Published
2019-05-13
Title
Ultimate Member < 2.0.46 - Multiple Vulnerabilities
Published
2015-01-11
Title
Our Team Showcase 1.2 - CSRF & XSS