WP Flash Player 1.3 - Multiple Cross-site Scripting

Overview #

Multiple reflected Cross-site Scripting (XSS) vulnerabilities exist in version 1.3 of the WP Flash Player WordPress plugin. Values submitted to the plugin's admin page are echoed back into the page without escaping.

Vulnerability Details #

Affected Versions: 1.3 and earlier

Root Cause: Insufficient input validation and missing output escaping in the plugin's admin page. The plfilter and search POST parameters are reflected into the generated HTML without being encoded for the context (attribute value or element content) in which they land.

Status: Not fixed by developer

Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=hdflv

Vulnerable Parameters (POST):

  • plfilter
  • search

Attack Pattern (payload supplied as the value of either parameter; it is written to break out of a quoted attribute, an HTML comment, a style block and a script block in one string, and alert(0x000862) is only a marker that confirms execution):

0'"--></style></scRipt><scRipt>alert(0x000862)</scRipt>
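The following is an added illustration of the vulnerable pattern and its fix, not the plugin's own code. Only the page slug (hdflv) and the parameter names (plfilter, search) come from the advisory; the function names, the nonce action name and the HTML layout are assumptions made to show how a POST value reflected into an attribute and into element content becomes executable script, and how WordPress's escaping and nonce helpers close both holes.

```php
<?php
// Hypothetical handler for /wp-admin/admin.php?page=hdflv (illustration, not the plugin's code).
// Parameter names come from the advisory; function names and markup are assumed.

// --- Vulnerable pattern: POST values echoed back without escaping ---
function hdflv_render_filter_form_vulnerable() {
    $plfilter = isset( $_POST['plfilter'] ) ? $_POST['plfilter'] : '';
    $search   = isset( $_POST['search'] )   ? $_POST['search']   : '';
    ?>
    <form method="post" action="admin.php?page=hdflv">
        <!-- plfilter lands inside a quoted attribute: a payload starting with 0'" closes the attribute -->
        <input type="text" name="plfilter" value="<?php echo $plfilter; ?>">
        <!-- search lands in element content: </scRipt><scRipt>... opens a fresh script element -->
        <p>Results for: <?php echo $search; ?></p>
        <input type="submit" value="Filter">
    </form>
    <?php
}

// --- Hardened pattern: nonce + capability check on the way in, context-aware escaping on the way out ---
function hdflv_render_filter_form_hardened() {
    $plfilter = '';
    $search   = '';

    if ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // A reflected XSS behind admin authentication is delivered by tricking a logged-in
        // admin into submitting the form from elsewhere; a nonce check rejects such cross-site POSTs.
        check_admin_referer( 'hdflv_filter' );
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Insufficient permissions.' );
        }
        // Normalise input (strip tags, trailing whitespace, invalid UTF-8); this is defence in depth,
        // the actual XSS fix is the output escaping below.
        $plfilter = isset( $_POST['plfilter'] ) ? sanitize_text_field( wp_unslash( $_POST['plfilter'] ) ) : '';
        $search   = isset( $_POST['search'] )   ? sanitize_text_field( wp_unslash( $_POST['search'] ) )   : '';
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=hdflv' ) ); ?>">
        <?php wp_nonce_field( 'hdflv_filter' ); ?>
        <!-- attribute context: esc_attr() encodes ' and " so the value cannot terminate the attribute -->
        <input type="text" name="plfilter" value="<?php echo esc_attr( $plfilter ); ?>">
        <!-- element-content context: esc_html() encodes < and > so no new tag can be opened -->
        <p>Results for: <?php echo esc_html( $search ); ?></p>
        <input type="submit" value="Filter">
    </form>
    <?php
}
```

The escaping function must match the output context: esc_attr() for attribute values, esc_html() for text between tags, esc_url() for href/src/action, esc_js() for string literals inside inline script. Sanitising on input alone is not sufficient, because the same stored or submitted value may later be written into a different context.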

Exploitation Requirements #

  • The vulnerable page is only reachable by an authenticated WordPress administrator, so an unauthenticated attacker cannot trigger the flaw directly.
  • Because the parameters are sent via POST, the attacker must induce a logged-in administrator to submit the crafted request, for example through an auto-submitting form on an attacker-controlled page; the plugin does not enforce a nonce that would block such a cross-site submission.

Impact #

Remote attackers who lure an authenticated administrator into submitting the crafted request can run arbitrary JavaScript in the wp-admin origin and thereby:

  • Hijack the admin session. WordPress marks its authentication cookies HttpOnly, so the injected script usually cannot read them directly, but it can issue authenticated requests from the victim's browser and obtain the nonces those requests need.
  • Perform administrative actions, such as creating a new administrator account or installing a plugin.
  • Compromise the WordPress installation, since an administrator's privileges are sufficient to write server-side code through the plugin or theme editors.

Solution #

The vulnerabilities have not been fixed by the developer. Deactivate and remove the plugin and use an alternative that is actively maintained. As a compensating measure until then, restrict access to /wp-admin/admin.php?page=hdflv (for example by IP address at the web server) and ensure administrators do not browse untrusted sites while logged in to wp-admin.

References #