Acunetix WP Security 3.0.3 XSS

vendor:

Acunetix WP Security

by:

Johto Robbie

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Acunetix WP Security

Affected Version From: 3.0.3

Affected Version To: 4.5.2000

Patch Exists: YES

Related CWE:

CPE: a:acunetix:wp_security:3.0.3

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 with Apache 2.4.17 and PHP 5.6.16

2016

Acunetix WP Security 3.0.3 XSS

The Acunetix WP Security plugin 3.0.3 is vulnerable to Cross-Site Scripting (XSS) attacks. By inserting scripts into the content search field in WordPress, an attacker can exploit this vulnerability and execute malicious code.

Mitigation:

Update the Acunetix WP Security plugin to version 4.5.1 or higher.

Source

Exploit-DB raw data:

1. Introduction

# Exploit Title: Acunetix WP Security 3.0.3 XSS
# Date: May.03.2016
# Exploit Author: Johto Robbie
# Facebook: https://www.facebook.com/johto.robbie
# Vendor: VN Hacker News
# Tested On: Apache 2.4.17 / PHP 5.6.16 / Windows 10 / WordPress 4.5.1
# Category: Webapps
# Software Link:
http://localhost:8888/wordpress/wp-admin/admin.php?page=swpa_live_traffic

2. Descryption:

I have to insert scripts into the content search wordpress. The result is
that it is logging in Acunetix Secure WordPress. Taking advantage of this,
I have exploited XSS vulnerability

<span class="w-entry"><a
href="http://localhost:8888/wordpress/?s="><script>alert("Johto.Robbie"</script>"
target="_blank" title="Opens in a new tab">
http://localhost:8888/wordpress/?s=
"><script>alert("Johto.Robbie"</script></a></span>

Video Demonstration:
https://www.youtube.com/watch?v=L8t3_HGriP8&feature=youtu.be



3. Report Timeline

02-05-2016 : Discovered
02-05-2016 : Vendor notified


4. Solution

Update to version 4.5.1