Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Jun 2013 20:44:09 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>, plugins@...dpress.org,
	moderators@...db.org
Subject: CVE request: WordPress plugin uk-cookie CSRF

Hello,

While reproducing CVE-2012-5856[1][2] I noticed there is CSRF security
vulnerability in uk-cookie plugin and abusing it attacker can insert XSS to
front page of WordPress installation. Version 1.1 is the latest and I did not
test older versions. OSVDB item[3] should be updated. Plugin is currently
disabled in WordPress plugin repository so vendor URL is currently 404.

PoC: https://github.com/wpscanteam/wpscan/issues/184#issuecomment-19038566
Product: Uk Cookie Plugin for WordPress
Vendor URL: http://wordpress.org/plugins/uk-cookie/
Vendor SVN: http://plugins.svn.wordpress.org/uk-cookie/trunk/
Vulnerability Type: CWE-352
Vulnerable Versions: 1.1 and probably earlier
Fixed Version: N/A

Kurt, could you assign CVE-identifier for CSRF vulnerability, thanks.

1: http://seclists.org/bugtraq/2012/Nov/50
2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5856
3: http://osvdb.org/87561

Similar plugins are available: http://wordpress.org/plugins/uk-cookie-consent/

--
Qentinel, Henri Salo
http://www.qentinel.com/en/

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.