exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Register Plus Redux Cross Site Scripting

WordPress Register Plus Redux Cross Site Scripting
Posted Mar 30, 2012
Authored by MustLive

Register Plus Redux version 3.7.2 for WordPress appears to suffer from additional cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | db3fb962011dd8d10dc7bbbb09fa3e33e1b8850fab7bbad4805726fff8226418
Download | Favorite | View

WordPress Register Plus Redux Cross Site Scripting

Change Mirror Download
Hello list!

I want to warn you new about security vulnerabilities in Register Plus Redux
for WordPress.

These are Cross-Site Scripting vulnerabilities. After finding and fixing of
36 vulnerabilities in plugin Register Plus Redux in the end of previous
year, I've released my version of the plugin with fixed vulnerabilities of
original plugin. And recently during security audit of web site, on which
Register Plus Redux was using, I've found two new XSS vulnerabilities in
this plugin (which also take place on forks of this plugin).

-------------------------
Affected products:
-------------------------

Affected functionality appeared in Register Plus Redux potentially from
version 3.7.2.

Vulnerable are original Register Plus Redux and all plugins based on it.
Particularly vulnerable are Register Plus Redux 3.7.2 and next versions, my
versions Register Plus Redux 3.8 - 3.8.3, Register Plus Redux Auto Login
3.8.1 and previous versions.

At 25.03.2012 I've fixed these vulnerabilities in my version Register Plus
Redux 3.8.4.

----------
Details:
----------

XSS (WASC-08):

At page http://site/wp-login.php?action=register in parameters user_login
and user_email.

http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-1.html

http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-2.html

These vulnerabilities are concerned with variable-width-encoding (with using
of this technique it's possible to bypass protection filters). These
exploits are for IE6, for other browsers other characters need to be used
(this attack is possible in old browsers).

------------
Timeline:
------------

2012.03.25 - found these vulnerabilities in the plugin.
2012.03.25 - fixed these vulnerabilities in my version of the plugin 
(Register Plus Redux 3.8.4).
2012.03.26-27 - informed users of my plugin and supplied them with new 
version.
2012.03.27 - disclosed at my site.
2012.03.28 - informed developer of original plugin.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/5745/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close