Vigil@nce - WordPress Ultimate Member: Cross Site Scripting of the parameter "url"
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting in "admin-ajax.php"
of WordPress Ultimate Member, in order to execute JavaScript code
in the context of the web site.
Impacted products: WordPress plugins (list not comprehensive).
Severity: 2/4.
Creation date: 19/06/2015.
DESCRIPTION OF THE VULNERABILITY
The Ultimate Member plugin can be installed on WordPress.
However, it does not filter data received from the parameter "url"
in the page "admin-ajax.php" before inserting it into the generated
HTML documents.
An attacker can therefore trigger a Cross Site Scripting in
"admin-ajax.php" of WordPress Ultimate Member, in order to execute
JavaScript code in the context of the web site.
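The defect described above is the classic reflected XSS pattern in a WordPress AJAX handler: a request parameter is written into HTML without validation or escaping. The following is an added illustration, not Ultimate Member's code and not the bulletin's: a hypothetical handler (function names `vuln_demo_*` and the action name `vuln_demo` are assumptions) shown first in the vulnerable form, then hardened with the WordPress functions `check_ajax_referer()`, `wp_unslash()`, `esc_url_raw()` and `esc_url()`, which do exist in WordPress core.

```php
<?php
// Added example, not the plugin's real code. Function and action names
// (vuln_demo_*) are hypothetical placeholders.

// Vulnerable pattern: the raw "url" parameter is concatenated into HTML.
function vuln_demo_vulnerable_handler() {
    $url = isset( $_GET['url'] ) ? $_GET['url'] : '';
    // No filtering or escaping: whatever the client sent is emitted
    // verbatim, so markup placed in "url" becomes part of the document.
    echo '<a href="' . $url . '">Open</a>';
    wp_die();
}

// Validation helper: returns a URL restricted to WordPress's allowed
// protocols, or an empty string when the input is not an acceptable URL.
function vuln_demo_sanitize_url( $raw ) {
    // wp_unslash() removes the slashes WordPress adds to request data;
    // esc_url_raw() normalises the value and rejects unsafe schemes.
    return esc_url_raw( wp_unslash( $raw ) );
}

// Hardened pattern: verify the request, validate the value, escape on output.
function vuln_demo_hardened_handler() {
    // 1. Require a valid nonce so the endpoint cannot be driven cross-site.
    check_ajax_referer( 'vuln_demo_action', 'nonce' );

    // 2. Validate the input before it is used anywhere.
    $url = isset( $_GET['url'] ) ? vuln_demo_sanitize_url( $_GET['url'] ) : '';

    // 3. Escape again at the point of output, in the HTML attribute
    //    context, so quotes and angle brackets cannot break out of href.
    echo '<a href="' . esc_url( $url ) . '">Open</a>';
    wp_die();
}

// Register the hardened handler for both logged-in and anonymous AJAX calls.
add_action( 'wp_ajax_vuln_demo', 'vuln_demo_hardened_handler' );
add_action( 'wp_ajax_nopriv_vuln_demo', 'vuln_demo_hardened_handler' );
```

When auditing a plugin for this class of bug, look for any `echo` or string concatenation that reaches `$_GET`, `$_POST` or `$_REQUEST` without an `esc_*()` or `wp_kses*()` call between the two; the fix is always to validate on input and escape for the exact output context (attribute, text node, JavaScript) rather than to rely on a single global filter.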
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN