Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 16 May 2013 17:59:46 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: plugins@...dpress.org
Subject: CVE request: WordPress plugin wp-cleanfix CSRF

Hello,

Can I get CVE for CSRF vulnerability in WordPress plugin wp-cleanfix, thanks.
Attacker can execute arbitrary PHP code using eval() in wpCleanFixAjax.php with
CSRF. I also noticed the plugin contains wp-cleanfix.php:

<script type="text/javascript" src="http://blog.wpxtre.me/widget/?<?php echo
time() ?>"></script>

Tested: 2.4.4

Information posted originally 11 months ago, but eval() alone is not dangerous.
Not sure if this should be 2012 or 2013 CVE.

References:
http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning
https://github.com/wpscanteam/wpscan/issues/186
http://wordpress.org/extend/plugins/wp-cleanfix/

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.