Advisory:

Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost anything an admin can do

Vulnerability

Last revised:

This plugin contains a reflected XSS vulnerability which would allow an unauthenticated attacker to do almost anything an admin user can do.

For this to happen, the administrator would have to be tricked into clicking on a link controlled by the attacker. It is easy to make these links very convincing.

Current state: Fixed

CVSS Summary

CVSS base scores for this vulnerability
Score 5.8 Medium
Vector Network
Complexity Medium
Authentication None
Confidentiality Partial
Integrity Partial
Availability None
You can read more about CVSS base scores on Wikipedia or in the CVSS specification.

Proof of concept

Visit a page containing the following in Firefox or any other browser with no reflected XSS mitigation strategies, and click submit:

<form action="http://localhost/wp-admin/options-general.php?page=fjgwpp.php" method="POST">
<input type="text" name="fjgwpp_userID" value=":&quot;>&lt;script>alert(1)&lt;/script>">
<input type="text" name="Submit" value="Save Changes">
<input type="submit">
</form>

Advisory timeline

  • 2015-07-21: Discovered
  • 2015-07-22: Reported to vendor via email
  • 2015-07-22:¬†Requested CVE
  • 2015-07-23: Vendor responded confirming fixed in 3.4.0
  • 2015-07-28: Published

Mitigation/further actions

Upgrade to version 3.4.0 or later