WPTouch [Unauthenticated Stored XSS]
Description
This vulnerability relies on the process_desktop_shortcodes option being enabled. It appears this is only visible in
the UI in the pro version, but the underlying code exists in the free version. For mobile users, this feature will
render the DOM and send the result HTML content back to the server to be cached. No filtering/validation is done on it,
and the HTML is cached for 24 hours. An attacker can inject any script tags to this HTML to XSS another mobile user.
INFO
- 27 April 2016
- Pan Vag
- www.wptouch.com
- wordpress.org
- 3.0.9.2
- WordPress 4.5.1
- DWF-2016-87032