Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)



Description
A reflected XSS in "Simple Share Buttons Adder" before version 6.0.1 lead to a reflected cross-site scripting vulnerability on all pages where the "Simple Share Buttons Adder" was added (usually all blog posts).

Exploitation required that the browser did not encode the parameters sent to the server. Most prominently this thus affects Internet Explorer but is not exploitable on recent versions of Chrome or Firefox.
Proof of Concept
curl "http://output.com/index.php/2015/06/02/hello-world/?<script>alert(1)</script>" will result in:

<a class="ssba_google_share" href="https://plus.google.com/share?url=http://output.com/2015/06/02/hello-world?<script>alert(1)</script>"

Patch in ssba_current_url can be found at https://plugins.trac.wordpress.org/changeset/1172761/simple-share-buttons-adder/trunk

Affects Plugin

fixed in version 6.0.1

References

CVE 2015-9303
URL https://wordpress.org/plugins/simple-share-buttons-adder/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Lukas Reschke
Submitter Website https://www.owncloud.com
Views 7324
Verified No
WPVDB ID 8021

Timeline

Publicly Published 2015-06-02 (about 5 years ago)
Added 2015-06-02 (about 5 years ago)
Last Updated 2019-11-28 (7 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin