Date: Sat, 23 Apr 2016 23:59:16 +0530
From: Rahul Pratap Singh <techno.rps@...il.com>
To: bugtraq@...urityfocus.com
Subject: Echosign Plugin for WordPress XSS Vulnerability

## FULL DISCLOSURE

#Product : Echosign Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.1
#Home page Link : https://wordpress.org/plugins/echosign/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"Page" and "id"  parameters are not sanitized that leads to XSS
Vulnerability.

----------------------------------------
Vulnerable Code:
----------------------------------------

File Name: testfiles/echosign/inc.php

Found at line:199
<input type="hidden" name="page" value="<?php echo $_REQUEST['page']; ?>" />

File Name: testfiles/echosign/templates/add_templates.php

Found at line:31
<input type = 'hidden' name = 'id'  value = '<?php echo $_REQUEST['id'];
?>'>
----------------------------------------

Fix:
No fix Available

Vulnerability Disclosure Timeline:
→ March 03, 2016  – Bug discovered, initial report to WordPress.
→ March 07, 2016  – No, response. Report sent again.
→ March 08, 2016  – WordPress Acknowledged. Plugin taken down.
→ April 21, 2016  – Plugin still down. No patch available.

Pub Ref:
https://0x62626262.wordpress.com/2016/04/21/echosign-plugin-for-wordpress-xss-vulnerability/
https://wordpress.org/plugins/echosign/

Download attachment "0xE5D04434.asc" of type "application/pgp-keys" (61463 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists