WordPress Altos Connect Widget 1.3.0 Cross Site Scripting


WordPress Altos Connect Widget plugin version 1.3.0 suffers from a cross site scripting vulnerability.

Title: WordPress 'Altos Connect Widget' Plugin 
Version: 1.3.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-15
- https://wordpress.org/plugins/altos-connect/
- https://plugins.svn.wordpress.org/altos-connect/
Notified WordPress: 2015-06-21

## Plugin description
Description: Altos Connect registration widget for WordPress®. The Altos Connect plugin can be us

## XSS vulnerability
The `$_SERVER['PHP_SELF']` variable is echoed without sanitization in a captcha demo page that ships with the plugin (the demo files are not removed on installation). Because PHP builds PHP_SELF from the script path plus any path info the client appends to it, the flaw can be exploited with a direct link to the vulnerable file that carries the payload at the end of the URL; the demo page reflects it straight into the rendered HTML.


The demo page comes from the bundled jquery-validate library. This appears to be fixed in the newest version of jquery-validate, but the copy shipped with this plugin has not been updated, so the plugin itself remains unpatched.
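The following is an added example that reproduces the vulnerability class described above; it is not the plugin's own code and the file path, form markup and payload are illustrative. It simulates a request whose path info carries a payload, then renders the same form action with the vulnerable pattern (PHP_SELF echoed raw) and with the hardened pattern (escaped for the attribute context). Run it from the command line with `php`.

```php
<?php
// Added example, not code from the Altos Connect plugin or jquery-validate.
// Demonstrates reflected XSS through $_SERVER['PHP_SELF'] and the fix.

// Constructed request. PHP derives PHP_SELF from the script path plus any
// PATH_INFO the client appends, so a crafted link like
//   /wp-content/plugins/<plugin>/demo/index.php/"><script>alert(1)</script>
// lands in PHP_SELF verbatim. The path below is hypothetical and is set by
// hand so the script runs stand-alone from the CLI.
$_SERVER['PHP_SELF'] = '/demo/captcha/index.php/"><script>alert(1)</script>';

// Vulnerable pattern: PHP_SELF written straight into an attribute value.
// The payload closes the quoted attribute and the form tag, and the browser
// then parses and executes the injected <script> element.
function vulnerable_form(string $php_self): string
{
    return '<form action="' . $php_self . '" method="post">';
}

// Hardened pattern: escape for the HTML attribute context. ENT_QUOTES encodes
// both ' and " so the attribute cannot be broken out of; ENT_SUBSTITUTE keeps
// invalid UTF-8 from silently producing an empty string.
function hardened_form(string $php_self): string
{
    $safe = htmlspecialchars($php_self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// A fixed action (or an empty one, which posts back to the current URL as
// the browser sees it) avoids reflecting request data at all.
function fixed_action_form(): string
{
    return '<form action="" method="post">';
}

echo "Vulnerable output:\n", vulnerable_form($_SERVER['PHP_SELF']), "\n\n";
echo "Hardened output:\n", hardened_form($_SERVER['PHP_SELF']), "\n\n";
echo "Fixed-action output:\n", fixed_action_form(), "\n";
```

The vulnerable output renders as `<form action="/demo/captcha/index.php/"><script>alert(1)</script>" method="post">`, while the hardened output keeps the whole path inside the attribute as `&quot;&gt;&lt;script&gt;...`. Escaping is the minimal fix; dropping PHP_SELF from the markup entirely removes the reflection point, which is what demo and sample pages should do before they ship in a plugin.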

## Solution
No fix available at the time of publication. Until the plugin is updated, remove the bundled demo files from the plugin directory (or remove the plugin); demo pages serve no purpose on a production site and only add reachable attack surface.

Vulnerability found using Eir; an early stage static vulnerability scanner for PHP applications.

Source: Packet Storm Security