header-logo
Suggest Exploit
vendor:
Lanoba Social Plugin
by:
Not provided
N/A
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Lanoba Social Plugin
Affected Version From: 1.0
Affected Version To: Not provided
Patch Exists: NO
Related CWE: Not provided
CPE: a:lanoba_social_plugin_for_wordpress:lanoba_social_plugin:1.0
Metasploit:
Other Scripts:
Platforms Tested: WordPress
2011

Lanoba Social Plugin for WordPress Cross-Site Scripting Vulnerability

The Lanoba Social Plugin for WordPress is vulnerable to a cross-site scripting (XSS) vulnerability due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site, potentially leading to the theft of authentication credentials and other attacks.

Mitigation:

Apply the latest version of the plugin or remove it if not necessary. Regularly update all WordPress plugins and themes to minimize the risk of XSS vulnerabilities. Implement input validation and output encoding to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50746/info

Lanoba Social Plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Lanoba Social Plugin 1.0 is vulnerable; other versions may also be affected.

UPDATE (Nov 28, 2011): The vendor refutes this issue claiming they are not able to replicate the problem, and all inputs are sanitized. This BID will be updated, and possibly retired pending further information. 

http://www.example.com/[path]/wp-content/plugins/lanoba-social-plugin/index.php?action=[xss]