WordPress <=4.5.1 is vulnerable against a reflected XSS that stems from an insecure URL sanitization process performed in the file flashmediaelement.swf. The code in the file attempts to remove flashVars in case they have been set GET parameters but fails to do so, enabling XSS via ExternalInterface .
The attack technique was first described by Soroush Dalili in 2013. The vulnerability in flashmediaelement.swf was discovered in April 2016, first identified as SOME bug by Kinugawa. Then, after a team review, the XSS potential was discovered and analyzed by Heiderich, Kinugawa and Inführ. Finally, it was discovered, that this file comes packaged with latest WordPress and the issue was reported via HackerOne by Heiderich et al.
1 Response
Please include code for triggering XSS.
Share Your Thoughts