WordPress Ajax Category Dropdown Plugin Cross Site Scripting and SQL Injection Vulnerabilities

Published: 2011-05-02 10:20:04

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact:
Successful exploitation could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Versions:
WordPress Ajax Category Dropdown Plugin version 0.1.5

Technical Details:
The flaw is due to the failure of the '/wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php' script to properly sanitize user-supplied input.

Recommendations:
No known solution was made available for at least one year after the disclosure of this vulnerability, and it is likely that none will be provided. General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.

Summary:
This host is running WordPress Ajax Category Dropdown Plugin and is prone to cross-site scripting and SQL injection vulnerabilities.

Detection Type:
Remote Vulnerability

Solution Type:
Vendor will not fix

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/47529

References:

http://packetstormsecurity.org/files/view/100686/ajaxcdwp-sqlxss.txt
http://www.htbridge.ch/advisory/xss_in_ajax_category_dropdown_wordpress_plugin.html
http://www.htbridge.ch/advisory/multiple_sql_injection_in_ajax_category_dropdown_wordpress_plugin.html

Severity
Medium
CVSS Score
5.0