WordPress “Max Banner Ads” Plug-in XSS (Cross-site Scripting) Security Vulnerabilities


Exploit Title: WordPress “Max Banner Ads” Plugin /info.php &zone_id Parameter XSS Security Vulnerabilities

Product: WordPress “Max Banner Ads” Plugin

Vendor: MaxBlogPress

Vulnerable Versions: 1.9, 1.8, 1.4, 1.3.*, 1.2.*, 1.1, 1.09

Tested Version: Check All Related Versions’ Source Code

Advisory Publication: Mar 04, 2015

Latest Update: Mar 04, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor:

MaxBlogPress

Product & Version:

WordPress “Max Banner Ads” Plugin

1.9, 1.8, 1.4, 1.3.*, 1.2.*, 1.1, 1.09

Vendor URL & Download:

The WordPress “Max Banner Ads” Plugin can be downloaded from:

http://www.maxblogpress.com/plugins/

Product Introduction:

“Easily add and rotate banners in your wordpress blog anywhere you like without editing any themes or touching any codes”

(2) Vulnerability Details:

WordPress “Max Banner Ads” Plugin has a web application security bug…
