Google XML Sitemaps <= 4.0.8 - Authenticated Reflected XSS (via HOST header)

Description
The plugin contains a PayPal donate button whose markup echoes the value of $_SERVER['HTTP_HOST'] without escaping. That value comes from the request's Host header, so it can be manipulated by the visitor.

Vulnerable Code:

sitemap-ui.php L1310
echo 'http://' . $_SERVER['HTTP_HOST']...
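The pattern named above beside a hardened form, as an added example that is not the plugin's code and not its 4.0.9 fix; the surrounding HTML attribute context, the function names and the host allow-list are assumptions.

```php
<?php
// Added example (not the plugin's code, not its 4.0.9 fix).
// Constructed request: a Host header that ends the attribute early.
$request = ['HTTP_HOST' => 'example.com" data-injected="1'];   // constructed

// Vulnerable pattern from the advisory: the Host header is concatenated straight
// into an HTML attribute (attribute context assumed). A double quote in the
// header closes the attribute and lets the client add markup of its own.
function donate_return_url_vulnerable(array $server): string {
    return '<input type="hidden" name="return" value="http://'
        . $server['HTTP_HOST'] . '/">';
}

// Hardened pattern (assumed mitigation): only a configured host is accepted,
// and the value is escaped for the attribute context regardless. In WordPress
// the same effect comes from building the URL with home_url() and escaping
// it with esc_url() instead of reading $_SERVER['HTTP_HOST'].
function donate_return_url_hardened(array $server, array $allowed_hosts): string {
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, $allowed_hosts, true)) {
        $host = $allowed_hosts[0];   // fall back to the canonical host
    }
    $url = 'http://' . $host . '/';
    return '<input type="hidden" name="return" value="'
        . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">';
}

// The first line shows the injected attribute surviving into the page;
// the second shows it absent because the host was rejected and escaped.
echo donate_return_url_vulnerable($request), PHP_EOL;
echo donate_return_url_hardened($request, ['example.com']), PHP_EOL;
```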

Affects Plugin

Fixed in version 4.0.9

References

URL https://plugins.trac.wordpress.org/browser/google-sitemap-generator/trunk/sitemap-ui.php#L1310

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Gerard Arall
Views 5421
Verified No
WPVDB ID 8762

Timeline

Publicly Published 2017-03-01 (over 2 years ago)
Added 2017-03-03 (over 2 years ago)
Last Updated 2017-07-26 (over 2 years ago)
