Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#28610 closed defect (bug) (invalid)

Persistent XSS and CSRF on wordpress 3.9.1

Reported by: avinash_thapa
Owned by: nacin
Milestone:
Priority: normal
Severity: normal
Version: 3.9.1
Component: General
Keywords:
Focuses:
Cc:

Description

As you release the new version of WordPress 3.9.1.
It consists of multiple vulnerabilities, i.e. persistent XSS and CSRF.
This is present in the comment box.
An attacker can easily put the simple XSS vector and is able to create the XSS there.
It is a critical vulnerability as it is stored.

Attachments (1)

POC.docx (187.6 KB) - added by avinash_thapa 10 years ago.
PoC of the vulnerability

Change History (5)

@avinash_thapa
10 years ago

PoC of the vulnerability

#1 @ocean90
10 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

When creating this ticket, was "Do not report potential security vulnerabilities here. See the Security FAQ and contact security@…." not noticeable? Honest question. If you have JavaScript enabled, you additionally would have needed to click a checkbox affirming "I am not reporting a security issue — report security issues to security@…".


Your report is invalid. Please read https://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html

#3 @nacin
10 years ago

  • Owner set to nacin
  • Resolution changed from invalid to fixed

([30253] and [30090] were designed to hit #29708.)

#4 @nacin
10 years ago

  • Resolution changed from fixed to invalid