WordPress.org
Get WordPress

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#28610 closed defect (bug) (invalid)

Persistent XSS and CSRF on wordpress 3.9.1

Reported by: avinash_thapa's profile avinash_thapa Owned by: nacin's profile nacin
Milestone: Priority: normal
Severity: normal Version: 3.9.1
Component: General Keywords:
Focuses: Cc:

Description

As you release the new version of wordpress 3.9.1.
It consists of multiple vulnerabilities i.e Persistent XSS and CSRF.
This is present in the comment box.
An attaker can easily put the simple xss vector and able to create the XSS there.
It is a critical Vulenrability as it is stored.

Attachments (1)

POC.docx (187.6 KB) - added by avinash_thapa 9 years ago.
PoC of the vulnerability

Download all attachments as: .zip

Change History (5)

@avinash_thapa
9 years ago

PoC of the vulnerability

#1 @ocean90
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

When creating this ticket, was "Do not report potential security vulnerabilities here. See the Security FAQ and contact security@…." not noticeable? Honest question. If you have JavaScript enabled, you additionally would have needed to click a checkbox affirming "I am not reporting a security issue — report security issues to security@…".

Your report is invalid. Please read https://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html

#3 @nacin
9 years ago

  • Owner set to nacin
  • Resolution changed from invalid to fixed

([30253] and [30090] were designed to hit #29708.)

Last edited 9 years ago by nacin (previous) (diff)

#4 @nacin
9 years ago

  • Resolution changed from fixed to invalid
Note: See TracTickets for help on using tickets.