WordPress SI CAPTCHA Anti-Spam plugin 'index.php' Cross-Site Scripting Vulnerability
Release date:
Updated on:
Affected Systems:
WordPress SI CAPTCHA Anti-Spam 2.7.7.4
WordPress SI CAPTCHA Anti-Spam
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69011
The WordPress SI CAPTCHA Anti-Spam plugin adds a CAPTCHA anti-spam check to the comment, registration and lost-password forms of a WordPress site.
SI CAPTCHA Anti-Spam 2.7.7.4, and possibly other versions, does not properly sanitize user-supplied input before reflecting it into the page, so a cross-site scripting vulnerability exists in the plugin's bundled SecureImage test page ('captcha-secureimage/test/index.php'). An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user who follows a crafted link, in the context of the affected site.
Source: Ashiyane Digital Security Team
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure may be harmful and is intended only for security research and teaching. Use it at your own risk.
http://www.example.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/test/index.php/"/><script>alert(1);</script>
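The advisory does not show the affected source. The PHP below is an added example, not the plugin's code: it models the usual cause of this class of bug, a page that echoes $_SERVER['PHP_SELF'] into an HTML attribute without escaping (on servers that accept PATH_INFO, PHP_SELF carries the attacker-supplied suffix after index.php, which is exactly what the test URL above relies on), next to a hardened version. The function names, the form markup and the request values are constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Assumption: the test page reflects
// $_SERVER['PHP_SELF'] (script path plus PATH_INFO) into a form action.

// Model of the vulnerable pattern: PHP_SELF dropped straight into an attribute.
function vulnerable_form(string $php_self): string
{
    return '<form method="post" action="' . $php_self . '">'
         . '<input type="text" name="code"></form>';
}

// Hardened: escape for the attribute context, and use SCRIPT_NAME, which does
// not carry the attacker-controlled PATH_INFO suffix that PHP_SELF includes.
function hardened_form(string $script_name): string
{
    $safe = htmlspecialchars($script_name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $safe . '">'
         . '<input type="text" name="code"></form>';
}

// Reflection check a tester can run on a saved response body: the page is
// vulnerable if the raw <script> tag from the test URL survives unescaped.
function reflects_unescaped(string $body): bool
{
    return strpos($body, '<script>alert(1);</script>') !== false;
}

// Constructed request values matching the advisory's test URL.
$script_name = '/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/test/index.php';
$path_info   = '/"/><script>alert(1);</script>';
$php_self    = $script_name . $path_info;   // what PHP_SELF holds for that request

echo "Vulnerable output:\n", vulnerable_form($php_self), "\n\n";
echo "Hardened output:\n", hardened_form($script_name), "\n\n";

var_dump(reflects_unescaped(vulnerable_form($php_self)));
var_dump(reflects_unescaped(hardened_form($script_name)));
```

The vulnerable branch closes the action attribute with the injected `"/>` and emits the script tag as markup; the hardened branch both drops the PATH_INFO suffix and entity-encodes what remains, so the same request yields an inert attribute value.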
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor has not provided a patch or upgrade. Users of the software are advised to check the vendor's homepage for the latest version:
Http://wordpress.org/plugins/si-captcha-for-wordpress/