------------------------------------------------------------------------
Title: Cross-Site Scripting in Foobar plugin
------------------------------------------------------------------------
Affected Product: Foobar WordPress plugin
Tested Version(s): Foobar 1.2.3 / WordPress 4.5.3
Product Homepage: https://wordpress.org/plugins/foo-bar/
Download URL: https://downloads.wordpress.org/plugin/foo-bar.1.2.3.zip
Pre-/Post-auth: Post-auth
Role required: Subscriber
CSRF-token: no
Should we report find: yes
Name for credits: John Doe
------------------------------------------------------------------------
Vulnerability Description/Technical Details
------------------------------------------------------------------------
A Reflected Cross-Site Scripting vulnerability exists in the Foobar
WordPress plugin. This vulnerability allows an attacker to perform any
action with the privileges of the target user. The affected code is not
protected with an anti-Cross-Site Request Forgery token. Consequently,
it can be exploited by luring the target user into clicking a specially
crafted link or visiting a malicious website (or advertisement).

The vulnerability exists in the file ./foo-bar/includes/foobar.php
(line 42):

var ajax_url = "";

The vulnerability can be exploited using a specially crafted ajaxurl
URL parameter.
------------------------------------------------------------------------
Vulnerability/Configuration Requirements
------------------------------------------------------------------------
In order to exploit this issue the target user must click a specially
crafted link or visit a malicious website (or advertisement).
------------------------------------------------------------------------
Proof of concept
------------------------------------------------------------------------