Recent XSS Vulnerability | WordPress.org

davidrahrer
(@davidrahrer)

8 years, 11 months ago

https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

I noticed what to me seemed like some examples of this issue in your excellent plugin Admin Menu Editor, at least if I fully understand the documentation omission that led to it. For instance:

$hide_url = add_query_arg($hide_param_name, 1);

Since no URL is provided in the third parameter of add_query_arg, does this mean that the vulnerability exists in your code? There were other examples but I’m sure you are more familiar with it than I. Please let me know if I am mistaken, and/or if there will be an update soon to handle it. I’m trying to complete a security audit for clients.

Thanks again for your work.

https://wordpress.org/plugins/admin-menu-editor/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Janis Elsts
(@whiteshadow)

8 years, 11 months ago

No, that piece of code does not appear to be vulnerable. If you look further down in the file, around line #2226 the plugin sanitizes the $hide_url variable before output. As a result, any code injected in the current URL will not be executed.

I’ve also reviewed other parts of the code that use add_query_arg/remove_query_arg. So far, I haven’t found any that are vulnerable.

Thread Starter davidrahrer
(@davidrahrer)

8 years, 11 months ago

Great, thanks for the prompt reply.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Recent XSS Vulnerability’ is closed to new replies.

Tags

In: Plugins
2 replies
2 participants
Last reply from: davidrahrer
Last activity: 8 years, 11 months ago
Status: not resolved