Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25243
HistoryDec 06, 2010 - 12:00 a.m.

Vulnerabilities in Register Plus Redux for WordPress

2010-12-0600:00:00
vulners.com
47
JSON

Hello Bugtraq!

I want to warn you about Cross-Site Scripting, Insufficient Anti-automation
and Full path disclosure vulnerabilities in plugin Register Plus Redux for
WordPress. Register Plus Redux is a fork of plugin Register Plus.

Affected products:

Vulnerable are versions of plugin Register Plus Redux 3.6.1 and previous
versions.

Details:

XSS (WASC-08):

POST request at page http://site/wp-login.php?action=register

"><script>alert(document.cookie)</script>
In fields: First Name, Last Name, Website, AIM, Yahoo IM, Jabber / Google
Talk, Password, Confirm Password.

</textarea><script>alert(document.cookie)</script>
In field: About Yourself.

Insufficient Anti-automation (WASC-21):

http://site/wp-login.php?action=register

In registration form there is no protection from automated requests
(captcha).

Full path disclosure (WASC-13):

http://site/wp-content/plugins/register-plus-redux/dash_widget.php

http://site/wp-content/plugins/register-plus-redux/register-plus-redux.php

At POST request at page http://site/wp-login.php?action=register.

Timeline:

2010.09.18 - announced at my site.
2010.09.19 - informed developer.
2010.12.02 - disclosed at my site.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4542/&#41;.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON