NinTechNet discovered multiple security issues in the Download Plugins and Themes from Dashboard WordPress plugin. The plugin's settings update request did not check for authorisation, allowing an unauthenticated user to inject malicious JavaScript, which would then be stored in the backend database. The vendor fixed the issue by checking the user's capabilities, adding a Cross-Site Request Forgery (CSRF) nonce and encoding the affected parameter's output.
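The three defects named above (missing capability check, missing CSRF nonce, unescaped output) map onto a common WordPress settings-handler pattern. The following is an added illustration written for this page, not code from the plugin or from NinTechNet: a hypothetical handler in its vulnerable form beside the hardened form. The option name, `admin_post` action name, field name and nonce name are assumed; the WordPress API calls (`current_user_can`, `check_admin_referer`, `wp_nonce_field`, `sanitize_text_field`, `esc_attr`) are the standard ones.

```php
<?php
// Added example (hypothetical plugin, not the advisory's plugin). Names such as
// 'example_download_path', 'example_save' and 'example_nonce' are assumptions.

// --- Vulnerable pattern: no authorisation, no nonce, raw output ---
function example_vuln_save_settings() {
    // Every request reaching this hook is accepted, so an unauthenticated
    // visitor, or a logged-in admin's browser via CSRF, can write the option.
    update_option( 'example_download_path', $_POST['download_path'] );
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}
// The '_nopriv_' hook exposes the handler to unauthenticated requests.
add_action( 'admin_post_nopriv_example_save', 'example_vuln_save_settings' );
add_action( 'admin_post_example_save',        'example_vuln_save_settings' );

function example_vuln_render_field() {
    // The stored value is echoed without escaping, so a payload saved above
    // is rendered as markup in the administrator's browser (stored XSS).
    echo '<input name="download_path" value="' . get_option( 'example_download_path' ) . '">';
}

// --- Hardened pattern: authorisation, CSRF nonce, sanitisation, escaping ---
function example_safe_save_settings() {
    // 1. Authorisation: only users who may manage options can save settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the request must carry a nonce minted for this exact action;
    //    check_admin_referer() dies if the nonce is absent or invalid.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Sanitise the input before it is stored.
    $path = isset( $_POST['download_path'] )
        ? sanitize_text_field( wp_unslash( $_POST['download_path'] ) )
        : '';
    update_option( 'example_download_path', $path );

    wp_safe_redirect( admin_url( 'options-general.php?page=example&updated=1' ) );
    exit;
}
// No 'admin_post_nopriv_' registration: unauthenticated requests never reach it.
add_action( 'admin_post_example_save', 'example_safe_save_settings' );

function example_safe_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save">';
    // Emits the hidden nonce field that check_admin_referer() validates.
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
    // 4. Escape on output so stored data is rendered as text, never as markup.
    echo '<input name="download_path" value="'
        . esc_attr( get_option( 'example_download_path', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}
```

The capability check and the nonce are independent controls: the nonce alone does not stop a logged-in low-privilege user from submitting the form, and the capability check alone does not stop a CSRF request riding an administrator's session. Output escaping is the third, separate layer, because anything already in the database (or written through another path) must still render safely.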
