WordPress Payment Form for PayPal Pro plugin cross-site scripting vulnerability

Vulnerability ID: 1130592    Vulnerability type: cross-site scripting
Published: 2015-10-06    Updated: 2019-07-29
CVE ID: CVE-2015-7666    CNNVD ID: CNNVD-201712-959
Platform: N/A    CVSS score: 4.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2015100045
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201712-959
|Vulnerability details
WordPress is a blogging platform from the WordPress Foundation, written in PHP, that lets users host a personal blog on a server running PHP and MySQL. Payment Form for PayPal Pro is a payment plugin for WordPress. In versions of the plugin before 1.0.2, the 'cp_updateMessageItem' and 'cp_deleteMessageItem' functions in the file cp_ppp_admin_int_message_list.inc.php contain a cross-site scripting vulnerability: a remote attacker can inject arbitrary web script or HTML via the 'cal' parameter.
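To make the defect concrete, the following added illustration (not the plugin's own code) shows the reflected-XSS pattern the description refers to, a request parameter written into HTML unencoded, next to the output-encoded form that closes it. The function names, the HTML fragment and the sample request are hypothetical; only the parameter name 'cal' comes from the advisory.

```php
<?php
// Added illustration, not code from the Payment Form for PayPal Pro plugin.
// Function names and markup are hypothetical; only the "cal" parameter name
// comes from the advisory above.

// Vulnerable pattern: the query-string value is copied into the page as-is,
// so any markup in "cal" is rendered by the victim's browser (reflected XSS).
function render_message_list_vulnerable(array $get): string {
    $cal = $get['cal'] ?? '';
    return '<a href="?cal=' . $cal . '&action=update">Update</a>';
}

// Hardened pattern: encode the value for the attribute context it lands in.
// htmlspecialchars() with ENT_QUOTES turns < > & " ' into entities, so the
// value can no longer close the attribute or open a new tag. Inside a
// WordPress plugin the equivalent helpers are esc_attr() for attribute
// values and esc_html() for text nodes.
function render_message_list_hardened(array $get): string {
    $cal  = (string) ($get['cal'] ?? '');
    $safe = htmlspecialchars($cal, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="?cal=' . $safe . '&amp;action=update">Update</a>';
}

// Constructed request (not a real capture): a value that breaks out of the
// href attribute and injects an HTML element when reflected unencoded.
$sample = ['cal' => '"><b>injected</b>'];

echo "vulnerable: " . render_message_list_vulnerable($sample) . PHP_EOL;
// -> the <b> element becomes part of the page
echo "hardened:   " . render_message_list_hardened($sample) . PHP_EOL;
// -> &quot;&gt;&lt;b&gt;injected&lt;/b&gt; stays inside the attribute as text
```

Encoding on output is the fix that applies regardless of what 'cal' is meant to hold; if the plugin expects an identifier, validating the type on input (for example, accepting digits only) is a worthwhile second layer but not a substitute.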
|Vulnerability EXP
Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin
CVE: CVE-2015-7666
Vendor: WordPress DWBooster
Product: Payment Form for PayPal Pro
Affected version: 1.0.1
Fixed version: 1.0.2
Reported by: Ibéria Medeiros

Vulnerability Details:
=====================
It was discovered that no protection against multiple reflected XSS attacks was implemented, resulting in an attacker being able to retrieve user data from the end user, such as session cookies.

The Payment Form for PayPal Pro version 1.0.1 WordPress plugin is vulnerable to 2 reflected XSS vulnerabilities.
The cp_ppp_admin_int_message_list.inc.php file is vulnerable to XSS attacks via $_GET["cal"] parameter.

System affected:
===============
Any system that accesses a web site developed with WordPress CMS version 4.3.1 or earlier and uses the Payment Form for PayPal Pro version 1.0.1.

Advisory:
========
https://wordpress.org/plugins/payment-form-for-paypal-pro/changelog/

Solution:
========
Update to Payment Form for PayPal Pro version 1.0.2 plugin.
https://wordpress.org/plugins/payment-form-for-paypal-pro/

Disclosure Timeline:
===================
Vendor notification: September 26, 2015
Vendor fixed vulnerability: September 27, 2015
Public advisory: September 27, 2015
Public disclosure: October 4, 2015
|References

Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/archive/1/536602/100/0/threaded
Source: CONFIRM
Link: https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro
Source: CONFIRM
Link: https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers