BulletProof Security 0.53.3 - Multiple Cross-site Scripting

Advisory ID: RO-16-007
Severity: Medium
Vendor: AITpro
Product: BulletProof Security
Version: 0.53.3

Overview

Multiple Cross-site Scripting (XSS) vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3.

Vulnerability Details

Affected Versions: 0.53.3 and earlier
Root Cause: Insufficient input validation in the security log page.

Technical Details

Vulnerable URL: /wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php
Vulnerable Parameter (POST): user-agent-ignore
Attack Pattern: '"-->

Exploitation Requirements

- Admin authentication required
- Victim must interact with the malicious element

Impact

Remote attackers can exploit these vulnerabilities to:
- Steal admin session cookies
- Perform administrative actions
- Bypass security logging features

Solution

Update to the latest version. See BPS Changelog.

References

Invicti Advisory NS-16-003

Timeline:
[2016-03-15] - First Contact
[2016-03-23] - Vendor Fixed
[2016-05-09] - Advisory Released

Credits: Omar Kurt
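As an added illustration of the bug class described above, not code from the plugin itself (function and option names are hypothetical), the weak pattern of echoing a POSTed field straight into an HTML attribute on a WordPress admin page, beside the corrected version that checks the request and escapes for the attribute context:

```php
<?php
// Added illustration, not the plugin's code: all names below are hypothetical.
// An admin settings page that echoes a POSTed field back into a form input.

// Weak pattern: the raw POST value lands inside a double-quoted attribute.
// A value such as '"--> closes the attribute and the tag, so whatever follows
// is parsed as markup in the administrator's browser (cross-site scripting).
function bps_demo_render_weak() {
    $value = isset( $_POST['user-agent-ignore'] ) ? $_POST['user-agent-ignore'] : '';
    echo '<input type="text" name="user-agent-ignore" value="' . $value . '">';
}

// Hardened pattern: verify capability and nonce, sanitize on input, and escape
// on output for the exact context (an HTML attribute), so the same payload is
// rendered as literal text instead of breaking out of the attribute.
function bps_demo_render_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    if ( isset( $_POST['user-agent-ignore'] ) ) {
        // The nonce ties the POST to a form this site issued (blocks CSRF-driven submission).
        check_admin_referer( 'bps_demo_save', 'bps_demo_nonce' );
        $value = sanitize_text_field( wp_unslash( $_POST['user-agent-ignore'] ) );
        update_option( 'bps_demo_user_agent_ignore', $value );
    }
    $value = get_option( 'bps_demo_user_agent_ignore', '' );
    // esc_attr() converts ' " < > & to entities. sanitize_text_field() strips
    // tags but leaves quotes intact, so output escaping is still required.
    echo '<form method="post">';
    wp_nonce_field( 'bps_demo_save', 'bps_demo_nonce' );
    echo '<input type="text" name="user-agent-ignore" value="' . esc_attr( $value ) . '">';
    echo '</form>';
}
```

Which escaping function applies depends on where the value lands: esc_attr() for attribute values, esc_html() for text between tags, esc_js() for inline script strings; sanitizing on input alone does not cover any of these contexts.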