[Vulnerability] Wordpress Plugin 'List Draft Posts' - Stored XSS
DamnSecure.org used this plugin and noticed this vulnerability. Vulnerability occurs because the ‘Title’ of a post is printed directly into the widget without processing it.
# Exploit Title: Wordpress plugin 'List Draft Posts' - Stored XSS # Date: [2011/10/21] # Author: [Ruben] # Software Link: http://wordpress.org/extend/plugins/list-draft-posts/ # Version: Tested and verifyed on version 3.0.1; My guess, all version are affected, but I cannot verify this. # Developer notified?: No (plugin is no longer under development) # Google-Dork: intext:listdrafts-widget-3 Stored XSS is possible by creating a new post using the 'Title' as the injection field. Exploitation can only occur when an already existing user is allowed to write posts.
For more information checkout http://blog.damnsecure.org/?tag=xss
FYI: Plugin is not being used by DamnSecure.org anymore ;)