• M0thr4

    (@m0thr4)


    Hello WordPress Simple Survey developers!

    Our security team from Quantika14 just found some vulnerabilities in your plugin (WordPress Simple Survey).

    ==============Vulnerabilities

    The vulnerabilities found are usually called “Cross-Site Scripting”
    (also known as “XSS”). An XSS means that some inputs filled in by
    the user (in this case an admin or another role that can use the plugin) can
    inject JavaScript code, and with this an attacker can steal cookies,
    distribute malware or do anything else he wants.

    In your plugin, every input provided by the user isn’t sanitized before
    being introduced into the database, so if you use some old tricks like ‘
    “><script src=YourVeryVeryDangerous.js></script> ‘ you can exploit it. As
    far as we searched in your sources, no $_POST variable was cleaned
    properly.

    Even if the admin is the only one able to use the plugin, he can be
    tricked using some UI redressing attacks (like Clickjacking) in order to
    inject the JavaScript code.

    ============Fixes

    – Cross Site Scripting

    Fixing XSS is easy too in WordPress. You can sanitize the parameters filled in by users through API functions, like esc_html. If you use esc_html
    on all parameters before introducing them into the database or before doing an “echo”, the problem will be solved.

    If you need some proofs of concept, or need more information about how to fix the vulnerabilities, please feel free to send us an e-mail.

    https://wordpress.org/plugins/wordpress-simple-survey/
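As an added illustration (not code from the plugin or from the poster), here is a minimal before/after of the pattern the report describes: the first pair of functions stores and echoes a question field straight from $_POST, the second pair sanitizes the value on save with sanitize_text_field and escapes it on output with esc_html, which is the WordPress convention of sanitizing input and escaping output. The function names, the option key wss_question and the nonce action name are assumed placeholders; current_user_can, check_admin_referer, wp_unslash, sanitize_text_field, update_option, get_option and esc_html are real WordPress API functions.

```php
<?php
// Added example, not the plugin's own code. Function names, the option key
// 'wss_question' and the nonce action are assumed placeholders.

// BEFORE: the pattern the report describes. The field is stored and later
// echoed without sanitization or escaping, so a value containing markup
// (such as the "><script src=...></script> sample quoted in the report)
// is written to the option and rendered as live HTML when displayed.
function wss_save_question_unsafe() {
    if ( isset( $_POST['question'] ) ) {
        update_option( 'wss_question', $_POST['question'] );
    }
}

function wss_render_question_unsafe() {
    echo '<label>' . get_option( 'wss_question' ) . '</label>';
}

// AFTER: sanitize on the way in, escape on the way out.
function wss_save_question() {
    // Only an administrator may change the question, and the request must
    // carry the nonce printed by wp_nonce_field( 'wss_save_question' ) in
    // the settings form. The capability + nonce pair is what limits who can
    // reach this code path at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'wss_save_question' );

    if ( isset( $_POST['question'] ) ) {
        // wp_unslash() removes the slashes WordPress adds to request data;
        // sanitize_text_field() strips tags, octets and control characters.
        $question = sanitize_text_field( wp_unslash( $_POST['question'] ) );
        update_option( 'wss_question', $question );
    }
}

function wss_render_question() {
    // esc_html() converts <, >, &, " and ' to entities at output time, so
    // even a stored value that still contains markup is shown as text and
    // never interpreted by the browser.
    echo '<label>' . esc_html( get_option( 'wss_question' ) ) . '</label>';
}

// Survey answers submitted from the front end by visitors need the same
// escaping before an admin views them in the results screen, since that
// is the case where an untrusted user's input reaches a privileged page.
function wss_render_answer_row( $answer ) {
    echo '<tr><td>' . esc_html( $answer ) . '</td></tr>';
}
```

The key design point is that escaping belongs at the point of output regardless of what was done on input: sanitizing on save reduces what gets stored, but esc_html on every echo is what guarantees a stored value cannot become executable markup, including values that entered the database through an older, unsanitized version of the code.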

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    If you have not done so already, can you please send the details to plugins [at] wordpress.org and they can evaluate the problem as well as contact the author directly.

    That’s the best way to get this looked at and resolved.

    Plugin Contributor Richard Royal

    (@richardroyal)

    When you say “in this case admin” are you confirming that the admin can put JS output into the question fields? That’s not a vulnerability.

    Were you able to answer a question using the plugin as a frontend user and have JS executed when the admin went to look at results? That is an issue I want to deal with and have continued to check for.

  • The topic ‘Vulnerabilities in the plugin’ is closed to new replies.