WordPress 4.5.1 Cross-Site Scripting (CVE-2016-4566)


WordPress versions 4.5.1 and earlier are affected by an XSS vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Scanning WordPress

AppCheck NG includes dedicated WordPress and Adobe Flash scanning modules. This flaw was already flagged by AppCheck prior to the public disclosure under the heading “Flash Cross Site Scripting via ExternalInterface.call”. AppCheck NG does not rely on vulnerability databases but rather adopts the same approach used in consultant-led penetration testing. In this case, the Adobe Flash static analysis module identifies that a Flashvar variable is passed to ExternalInterface.call, resulting in a Cross-Site Scripting vulnerability.

To simplify the remediation process, AppCheck was updated within hours of the public disclosure to correctly identify the flaw as a known vulnerability in WordPress.

Exploit Examples

Vulnerable versions will execute the JavaScript code alert(1) when the following URIs are accessed in the Chrome web browser:

http://[WORDPRESS_SITE]/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert`1`

http://[WORDPRESS_SITE]/wp-includes/js/plupload/plupload.flash.swf?target%g=alert&uid%g=hello&
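
To check whether requests shaped like the two URIs above have reached a site, the following added example (not AppCheck's code and not part of the original advisory) scans access log lines for the two SWF paths with a query string, and raises the verdict when the query contains a `%` that is not a valid percent-escape, as both URIs above do. The combined log format, the verdict names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The two Flash files named in the advisory; suffix match allows a WordPress subdirectory.
SWF_PATHS = (
    "/wp-includes/js/mediaelement/flashmediaelement.swf",
    "/wp-includes/js/plupload/plupload.flash.swf",
)
# A '%' not followed by two hex digits, as in 'jsinitfunctio%gn' and 'target%g'.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Request field of a combined-format access log entry (log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(line):
    """Return None, 'swf-query' (review) or 'swf-malformed-escape' (high signal)."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(SWF_PATHS) or not url.query:
        return None
    return "swf-malformed-escape" if BAD_ESCAPE.search(url.query) else "swf-query"


def scan(lines):
    """Return (line_number, verdict) for every flagged line, numbering from 1."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2016:09:14:02 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%601%60 HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2016:09:14:09 +0000] "GET /blog/wp-includes/js/plupload/plupload.flash.swf?target%g=alert&uid%g=hello& HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/May/2016:09:15:30 +0000] "GET /wp-includes/js/plupload/plupload.flash.swf HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/May/2016:09:15:31 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf?ver=1 HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/May/2016:09:16:00 +0000] "GET /?s=50%off HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

A `swf-query` hit is only a prompt for review, since any query string on these files is matched; after upgrading, hits on either verdict indicate probing rather than exposure.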

Solution

Upgrade to the latest release of WordPress, 4.5.2 at the time of publication.