WordPress Cross Site Scripting Vulnerability in templates.php Uncovered

Folks, if you’re using WordPress to run your blogs (we are!), I suggest you go and download the latest version (2.06, which is in development stage as of this writing) or at least install some patches. Recently, a Cross-Site Scripting (XSS) vulnerability has been discovered that could permit malicious code injection into the core files of WordPress blogs.


David Kierznowski writes at Operation N:

When editing files a shortcut is created titled ‘recently accessed files’. The anchor tag text is correctly escaped with wp_specialchars(); however, the link title is not sanitised. Instead, it is passed to get_file_description($file). The only restriction or limitation here is that our text is passed through basename. This means standard script tags will fail when ending with ‘/’. We can get around this by using open IMG tags; this works under FF and IE.

If that’s Greek to you (it is to me), you can check out Security Focus, which has a description more attuned to layman speak.

WordPress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Tech Buzz lists the vulnerable versions (almost all versions prior to 2.06), and adds,

A Cross-site scripting (XSS) vulnerability has been found in wp-admin/template.php which could allow malicious web users to inject arbitrary web scripts or HTML code through the file parameter.

This exploit could allow remote attackers to do nasty things by injecting PHP or HTML code into your WordPress core files.

The vulnerability is in the templates.php script, and if you would rather not upgrade to the latest WP version yet (because of heavy customizations, incompatible templates, hacks, plugins, etc.), you can work around the problem by either commenting out a line or replacing the file with a patched version.

  • Comment out line 72 in /wp-admin/templates.php, which contains update_recently_edited($file);
  • Patch templates.php with that from the latest WP version (file can be downloaded here).
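To make Kierznowski's description concrete, here is an added illustration (not WordPress's own code) of the escaping gap in the "recently accessed files" shortcut beside its fixed form. The helper names are assumptions, and `file_description()` stands in for `get_file_description()`, which the post says ends up passing the file name through `basename()` only.

```php
<?php
// Added example, not WordPress code. Function names below are assumptions.

// Stand-in for get_file_description($file): when no description is known the
// file name itself is returned, i.e. untrusted request input. basename()
// only strips the directory part; '<', '>' and quotes survive it.
function file_description(string $file): string {
    return basename($file);
}

// Context-aware escaping for HTML text and double-quoted attribute values.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// The pattern the post describes: link text escaped, title attribute raw.
function recent_link_unsafe(string $file): string {
    $title = file_description($file);
    return '<a href="templates.php?file=' . rawurlencode($file) . '" title="'
        . $title . '">' . esc(basename($file)) . '</a>';
}

// Hardened form: every untrusted value is escaped for the context it lands in,
// so a quote or an unclosed tag in the name cannot leave the title attribute.
function recent_link_safe(string $file): string {
    $title = file_description($file);
    return '<a href="templates.php?file=' . rawurlencode($file) . '" title="'
        . esc($title) . '">' . esc(basename($file)) . '</a>';
}

// Regression check: the emitted markup must still be exactly one anchor whose
// href and title values contain no raw quote or angle bracket.
function title_attribute_intact(string $html): bool {
    return (bool) preg_match(
        '/^<a href="[^"<>]*" title="[^"<>]*">[^<>]*<\/a>$/', $html
    );
}

// Constructed input: a file name carrying a quote and an unclosed tag.
$file = 'wp-content/themes/x" <img title=dangling';
var_dump(title_attribute_intact(recent_link_unsafe($file)));
var_dump(title_attribute_intact(recent_link_safe($file)));
```

Run with the PHP CLI: the check reports false for the unsafe builder, because the raw name terminates the title attribute early, and true for the hardened one.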

And that, folks, is one great thing with open source software. Everyone can pitch in, and if there are vulnerabilities, these are more easily found and resolved, as compared to closed software, which would require a centralized development team to provide fixes.

[via Stellify]


J. Angelo Racoma

J. Angelo Racoma is a technology journalist for CMSWire and TFTS. A former editor at Splashpress Media, The Blog Herald and Performancing, he now does consultancy work through WorkSmartr.com. Follow him at racoma.net and on Twitter.
