User Submitted Posts [Persistent XSS]
The User Submitted Posts plugin for WordPress suffers from an XSS vulnerability.
The user-submitted-content field of the new post submission form is not properly sanitized, which allows users to include JS code in submitted post content.
Normally only users with the unfiltered_html capability are allowed to include JS code in post content. By default Administrators or Super Administrators have this capability, so this is considered a Persistent XSS vulnerability.
Vulnerable code is in
if (isset($_POST['user-submitted-content'])) $content = stripslashes($_POST['user-submitted-content']);
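The quoted line next to a hardened form, as an added example that is not the plugin's code and not the vendor's actual fix. It assumes the code runs inside WordPress, where wp_unslash(), current_user_can() and wp_kses_post() are available; example_usp_get_submitted_content() is a hypothetical helper name.

```php
<?php
// Added example, not the plugin's code. Assumes it is loaded inside WordPress.
// example_usp_get_submitted_content() is a hypothetical helper name.

/**
 * Return the submitted post content, filtered unless the current user
 * holds the unfiltered_html capability.
 */
function example_usp_get_submitted_content( array $post_data ) {
    if ( ! isset( $post_data['user-submitted-content'] ) ) {
        return '';
    }
    $raw = $post_data['user-submitted-content'];

    // A field sent as user-submitted-content[]=... arrives as an array; reject it.
    if ( ! is_string( $raw ) ) {
        return '';
    }

    // Same job as stripslashes() in the original line: undo WordPress's added slashes.
    $content = wp_unslash( $raw );

    // Only users with unfiltered_html may store arbitrary markup.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $content;
    }

    // Everyone else gets the post-content allowlist: <script> tags, on* event-handler
    // attributes and javascript: URLs are stripped, ordinary formatting tags are kept.
    return wp_kses_post( $content );
}

// Before (as quoted in the advisory):
//   if (isset($_POST['user-submitted-content'])) $content = stripslashes($_POST['user-submitted-content']);
// After:
$content = example_usp_get_submitted_content( $_POST );
```

The capability check mirrors the rule stated above: markup is stored unfiltered only for users who hold unfiltered_html, and every other submission passes through the allowlist before it is saved.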
- Submit the form inserting JS code to post content
- View the newly created post
- JS code is executed
Upgrade to v20160215
Vendor notified via contact form at his website
Vendor responded and received details about the issue
Vendor released version 20160215