WordPress Plugin Vulnerabilities

Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)

Description

The Erident Custom Login and Dashboard plugin exposes a call to the update_option method, when a specific POST field is posted to the plugins setting screen.

No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to trigger a Stored Cross-Site Scripting attack in the admin dashboard by utilising this unsafe method call.

The vulnerable method call is located on line 312 of erident-custom-login-and-dashboard/er-custom-login.php.

Proof of Concept

Affects Plugins

Plugin icon
erident-custom-login-and-dashboard
Fixed in 3.5

References

CVE
CVE-2015-9322
URL
https://g0blin.co.uk/g0blin-00048/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Submitter
James Hooker
Submitter website
https://research.g0blin.co.uk
Submitter twitter
g0blinResearch
Verified
No
WPVDB ID
ed37e254-7fbc-44db-aa3d-031ecf144c6d

Timeline

Publicly Published
2015-06-18 (about 10 years ago)
Added
2015-06-18 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-05-22
Title
Contact Form Entries < 1.3.1 - Contributor+ Stored XSS
Published
2017-07-30
Title
WP Live Chat Support < 7.1.05 - Cross-Site Scripting (XSS)
Published
2024-03-29
Title
Convert Post Types <= 1.4 - Reflected Cross-Site Scripting
Published
2022-10-27
Title
Gallery with Thumbnail Slider < 6.1 - Contributor+ Stored XSS
Published
2022-08-31
Title
Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS