[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ce2af32d-8ca0-6b75-332b-16350908078c@securify.nl>
Date: Wed, 1 Mar 2017 07:09:21 +0100
From: Summer of Pwnage <lists@...urify.nl>
To: bugtraq@...urityfocus.com
Subject: Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------
Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A reflected Cross-Site Scripting vulnerability has been encountered in
the Magic Fields 1 WordPress plugin. This issue allows an attacker to
perform a wide variety of actions, such as stealing Administrators'
session tokens, or performing arbitrary actions on their behalf.
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0019
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Magic Fields 1 version 1.7.1.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is addressed in the 1.7.2 version of Magic Fields 1. You can
obtain the most recent version on the following location:
https://github.com/hunk/Magic-Fields/releases
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_magic_fields_1_wordpress_plugin.html
------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.
Powered by blists - more mailing lists