CVSS Summary
| Score | 7.5 High |
|---|---|
| Vector | Network |
| Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
Last revised:
This plugin contains a reflected XSS vulnerability which can be used against admin users.
Current state: Fixed
The following URL works in browsers that don’t attempt to block reflected XSS:
http://localhost/wp-admin/options-general.php?action=duplicate_post_save_as_new_post&post=%3Cscript%3Ealert%28123%29%3C/script%3E
Upgrade immediately.
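
To check whether the request pattern above has reached a site, the following added example (not part of the original advisory or the plugin's code) scans access-log lines for the `duplicate_post_save_as_new_post` action with a `post` value that is not a plain integer. The combined log format, the sample lines, and the assumption that a legitimate `post` value is a numeric post ID are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "duplicate_post_save_as_new_post"  # action name from the advisory URL
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate `post` value is a numeric post ID.
NUMERIC_ID = re.compile(r"\d+")


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_post_value) for each request that calls the
    duplicate action with a `post` value that is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed line or no request field
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes values, so %3Cscript%3E is seen as <script>.
        params = parse_qs(query, keep_blank_values=True)
        if ACTION not in params.get("action", []):
            continue
        for value in params.get("post", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/options-general.php?action=duplicate_post_save_as_new_post&post=42 HTTP/1.1" 302 0',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-admin/options-general.php?action=duplicate_post_save_as_new_post&post=%3Cscript%3Ealert%28123%29%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/edit.php?post=abc HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric post value: {value!r}")
```

Because the XSS is reflected, the client address in a hit is the browser that followed the link, which is the targeted admin rather than necessarily whoever crafted the URL.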