WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting

What is "WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting?"

The "WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting" module is designed to detect a vulnerability in the WordPress Adaptive Images plugin. This plugin version is susceptible to cross-site scripting (XSS) attacks due to a lack of sanitization and escaping of the REQUEST_URI before outputting it back in the response. The module has a high severity rating and was authored by dhiyaneshDK.

Impact

If exploited, this vulnerability allows attackers to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or other malicious activities. It poses a significant risk to the security and integrity of the affected WordPress site.

How the module works?

The module works by sending a specific HTTP request to the target WordPress site with a payload that triggers the XSS vulnerability. It then analyzes the response to determine if the vulnerability is present. The matching conditions used by the module include:

- Checking if the response contains the payload "<img/src/onerror=alert(document.domain)>" or the string "<td>Image</td>". - Verifying that the response header includes the string "text/html". - Ensuring that the response status code is 200.

If all of these conditions are met, the module reports the vulnerability, indicating that the WordPress Adaptive Images plugin is vulnerable to XSS attacks.