Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored XSS



Description
NinTechNet discovered multiple security issues within the Download Plugins and Themes from Dashboard WordPress plugin. The plugin's settings update request did not check the requester's capabilities or a CSRF nonce, so an unauthenticated user could inject malicious JavaScript that was stored in the backend database and later rendered, unencoded, in the plugin's settings page.

The vendor fixed the issue by checking the user's capabilities, adding a Cross-Site Request Forgery (CSRF) nonce and encoding the affected parameter's output.
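The following PHP is an added illustration, not the plugin's own code: a generic WordPress settings handler written in the vulnerable shape the description above outlines (a hook that saves a POSTed value with no capability check, no nonce and no output encoding), beside the hardened shape the fix describes. The option name `example_label`, the field name and the nonce action `example_save_settings` are hypothetical. Note that `admin_init` also fires for requests to `wp-admin/admin-ajax.php`, which does not require a login, which is why a handler hooked there without an authorisation check is reachable by anyone.

```php
<?php
// Added example, not the plugin's code. Option/field/nonce names are hypothetical.

// --- Vulnerable shape: saves whatever was POSTed, for whoever POSTed it. ---
// Hooked on admin_init, which also runs for wp-admin/admin-ajax.php, so a
// logged-out visitor can trigger this with a plain POST request.
function example_save_settings_vulnerable() {
    if ( isset( $_POST['example_label'] ) ) {
        // No current_user_can(), no nonce, no sanitisation: "<script>..." is
        // stored verbatim in wp_options.
        update_option( 'example_label', wp_unslash( $_POST['example_label'] ) );
    }
}

function example_render_settings_vulnerable() {
    // Unescaped output: the stored payload executes in every admin's browser
    // that opens the settings page (stored XSS).
    echo '<input type="text" name="example_label" value="'
        . get_option( 'example_label', '' ) . '">';
}

// --- Hardened shape: capability check + CSRF nonce + sanitised input + escaped output. ---
function example_save_settings_hardened() {
    if ( ! isset( $_POST['example_label'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to manage options may save. A nonce
    //    alone is not authorisation; both checks are needed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the nonce binds the request to this action and the user's session.
    $nonce = isset( $_POST['_wpnonce'] ) ? sanitize_key( $_POST['_wpnonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_settings' ) ) {
        wp_die( 'Invalid nonce.', '', array( 'response' => 403 ) );
    }
    // 3. Input sanitisation before storage.
    update_option( 'example_label', sanitize_text_field( wp_unslash( $_POST['example_label'] ) ) );
}
add_action( 'admin_init', 'example_save_settings_hardened' );

function example_render_settings_hardened() {
    echo '<form method="post">';
    // Emits the hidden _wpnonce field that the handler above verifies.
    wp_nonce_field( 'example_save_settings' );
    // 4. Output encoding for the context it lands in: an HTML attribute, so
    //    esc_attr(); use esc_html() for element content instead.
    echo '<input type="text" name="example_label" value="'
        . esc_attr( get_option( 'example_label', '' ) ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}
```

When reviewing a plugin for this class of bug, check every handler hooked on `admin_init`, `init`, `admin_post_*` and `wp_ajax_nopriv_*` for all three controls: a `current_user_can()` test, a `wp_verify_nonce()`/`check_admin_referer()` test, and a context-appropriate `esc_*()` call wherever the stored value is printed. Sanitising on input alone does not make unescaped output safe, and escaping on output alone still leaves an unauthenticated settings-tampering bug.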

Affects Plugin

fixed in version 1.6.0

References

CVE 2019-17239
URL https://blog.nintechnet.com/stored-xss-vulnerability-in-wordpress-download-plugins-and-themes-from-dashboard-plugin/
URL https://plugins.trac.wordpress.org/changeset/2166019/download-plugins-dashboard

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher NinTechNet
Submitter Twitter nintechnet
Views 4125
Verified No
WPVDB ID 9896

Timeline

Publicly Published 2019-10-02
Added 2019-10-02
Last Updated 2019-10-09
