Summary
This host is installed with WordPress SS Downloads Plugin and is prone to multiple cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site
Impact Level: Application
Solution
Upgrade Wordpress SS Downloads to version 1.5 or later, For updates refer to http://wordpress.org/plugins/ss-downloads
Insight
Input passed via the 'file', 'title', and 'postid' parameters to emailandname form.php, emailform.php, emailsent.php, register.php, and download.php scripts and 'emails_and_names' and 'ssdshortcode' parameters to ss-downloads.php and 'file' parameter to services/getfile.php script are not properly sanitized before being returned to the user.
Affected
Wordpress SS Downloads Plugin version 1.4.4.1, Other versions may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
- http://packetstormsecurity.com/files/124958
- http://secunia.com/advisories/56532
- http://www.osvdb.com/102501
- http://www.osvdb.com/102502
- http://www.osvdb.com/102503
- http://www.osvdb.com/102504
- http://www.osvdb.com/102538
- http://www.osvdb.com/102539
- https://plugins.trac.wordpress.org/changeset/842702
Updated on 2017-03-28