CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0

vendor:

LeenkMe

by:

Anonymous

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)

352

CWE

Product Name: LeenkMe

Affected Version From: 2.5.0

Affected Version To: 2.5.0

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:leenkme

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WordPress

2016

CSRF and stored XSS vulnerability in WordPress plugin LeenkMe version 2.5.0

The plugin LeenkMe version 2.5.0 is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The XSS vulnerable fields are facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, and _wp_http_referer. The vulnerable page is wp-content/plugins/leenkme/facebook.php and the vulnerable code producing XSS is if ( !empty( $_REQUEST['facebook_message'] ) ) $user_settings['facebook_message'] = $_REQUEST['facebook_message']; else $user_settings['facebook_message'] = ''; if ( !empty( $_REQUEST['facebook_linkname'] ) ) $user_settings['facebook_linkname'] = $_REQUEST['facebook_linkname']; else $user_settings['facebook_linkname'] = ''; if ( !empty( $_REQUEST['facebook_caption'] ) ) $user_settings['facebook_caption'] = $_REQUEST['facebook_caption']; else $user_settings['facebook_caption'] = ''; if ( !empty( $_REQUEST['facebook_description'] ) ) $user_settings['facebook_description'] = $_REQUEST['facebook_description']; else $user_settings['facebook_description'] = '';

Mitigation:

The user should update the plugin to the latest version and apply the necessary security patches.

Source

CSRF and stored XSS vulnerability in WordPress plugin LeenkMe version 2.5.0

Mitigation:

Exploit-DB raw data: