Release date:
Updated on: 2013-02-21
Affected Systems:
WordPress Car Demon Plugin 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58017
WordPress Car Demon is a WordPress plugin for managing a vehicle dealer's inventory and listings.
WordPress Car Demon 1.0.1 (other versions may also be affected) has multiple input validation weaknesses that can be exploited by malicious users to conduct script insertion (stored cross-site scripting) attacks. An account with the "Editor" role is required to exploit them; the stored payload then executes in the browser of any user who later views the affected data.
1. Input passed via the "_msrp_value", "_rebates_value", "_discount_value", "_price_value", "_exterior_color_value", "_interior_color_value", "_mileage_value", "_stock_value", "_images_value", "_cylinders_value", "_doors_value", and "_fuel_type_value" parameters to /wp-admin/post.php (when "post_type" is set to "cars_for_sale") is not properly sanitised before being stored and used.
2. Input passed via the "default_service_name", "default_parts_name", and "default_finance_name" parameters to /wp-admin/edit.php (when "post_type" is set to "cars_for_sale" and "page" is set to "car_demon…") is not properly sanitised before being stored and used.
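The pattern behind both findings, shown as an added illustration rather than Car Demon's own source (which this advisory does not include): the meta keys and option names are the ones listed above, while the handler names, the nonce action and the settings group are assumed. The vulnerable form stores whatever an Editor submits and echoes it back unescaped; the hardened form checks intent and capability, restricts itself to the plugin's post type, sanitises on input and escapes at the output sink. All WordPress functions used (sanitize_text_field, esc_html, esc_attr, wp_verify_nonce, register_setting, update_post_meta) are core API.

```php
<?php
/**
 * Illustrative plugin fragment, not Car Demon's code. Meta keys and option
 * names come from the advisory; cd_* function names, the nonce field
 * 'cd_car_nonce' and the settings group 'cd_settings_group' are assumed.
 */

// ---- Issue 1: post meta on post_type=cars_for_sale (/wp-admin/post.php) ----

// VULNERABLE: the submitted value is stored verbatim and later echoed raw,
// so a <script> tag or an onerror= attribute persists in the listing.
function cd_vuln_save_meta( $post_id ) {
    if ( isset( $_POST['_price_value'] ) ) {
        update_post_meta( $post_id, '_price_value', $_POST['_price_value'] );
    }
}
function cd_vuln_render_price( $post_id ) {
    echo get_post_meta( $post_id, '_price_value', true ); // stored XSS sink
}

function cd_meta_keys() {
    return array(
        '_msrp_value', '_rebates_value', '_discount_value', '_price_value',
        '_exterior_color_value', '_interior_color_value', '_mileage_value',
        '_stock_value', '_images_value', '_cylinders_value', '_doors_value',
        '_fuel_type_value',
    );
}

// HARDENED: nonce + capability check, post-type restriction, per-field
// sanitising on the way in.
function cd_safe_save_meta( $post_id ) {
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( get_post_type( $post_id ) !== 'cars_for_sale' ) {
        return;
    }
    if ( ! isset( $_POST['cd_car_nonce'] )
        || ! wp_verify_nonce( $_POST['cd_car_nonce'], 'cd_save_car_' . $post_id ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    $numeric = array( '_msrp_value', '_rebates_value', '_discount_value',
        '_price_value', '_mileage_value', '_cylinders_value', '_doors_value' );
    foreach ( cd_meta_keys() as $key ) {
        if ( ! isset( $_POST[ $key ] ) ) {
            continue;
        }
        $raw = wp_unslash( $_POST[ $key ] ); // wp_unslash() is WP 3.6+; stripslashes() on older cores
        if ( in_array( $key, $numeric, true ) ) {
            // Numeric fields: drop everything except digits and a decimal point.
            $value = (float) preg_replace( '/[^0-9.]/', '', $raw );
        } else {
            // Free-text fields: strip tags, invalid UTF-8, octets and line breaks.
            $value = sanitize_text_field( $raw );
        }
        update_post_meta( $post_id, $key, $value );
    }
}
add_action( 'save_post', 'cd_safe_save_meta' );

function cd_safe_render_price( $post_id ) {
    // Escape at the sink too: meta may have been written by older code or by
    // a direct database edit, so input sanitising alone is not sufficient.
    echo esc_html( get_post_meta( $post_id, '_price_value', true ) );
}

// ---- Issue 2: options on the car_demon settings page (/wp-admin/edit.php) ----

// VULNERABLE: raw $_POST written straight into the options table.
function cd_vuln_save_settings() {
    update_option( 'default_service_name', $_POST['default_service_name'] );
}

// HARDENED: register each option with a sanitize callback so every write via
// the Settings API passes through it, and escape when rendering the field.
function cd_register_settings() {
    $opts = array( 'default_service_name', 'default_parts_name', 'default_finance_name' );
    foreach ( $opts as $opt ) {
        register_setting( 'cd_settings_group', $opt, 'sanitize_text_field' );
    }
}
add_action( 'admin_init', 'cd_register_settings' );

function cd_render_setting_field( $opt ) {
    printf(
        '<input type="text" name="%1$s" value="%2$s" />',
        esc_attr( $opt ),
        esc_attr( get_option( $opt, '' ) )
    );
}
```

The two halves of the fix are deliberately independent: sanitising on save stops new payloads from being stored, and escaping at every echo neutralises anything already in the database, which matters here because no vendor patch exists and existing listings may already carry injected markup.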
<* Source: Zhao Liang
Link: http://secunia.com/advisories/51088
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
At the time of writing the vendor has not released a patch or upgrade. Users of the plugin should watch the vendor's plugin page for an updated release:
Http://wordpress.org/extend/plugins/car-demon/