Vulnerability

Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin’s options. Fixed in version 2.0.

Proof of concept

The plugin’s options provided a basic HTML validation, which could be bypassed by copying + pasting malicious code into the text-field. The last character would be stripped from the code. After posting, malicious code could be executed by the browser.

Proof of concept video: https://youtu.be/qulQTOqAyL4

Plugin details

Plugin name: Computer Repair Shop
Plugin URL: https://wordpress.org/plugins/computer-repair-shop/
Plugin Author: WebfulCreations

Timeline

  • Friday 10th of january 2020: Vulnerability detected by Jeroen Mulder. Plugin’s author notified
  • Saturday 11th of january 2020: Vulnerability fixed by the author in version 2.0
  • Monday 13th of january 2020: Vulnerability made public on wpvulndb.com

Geschreven door:

Jeroen Mulder

Jeroen kookt, hackt en beklimt bergen.