Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability

Title: Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
Advisory ID: ZSL-2013-5140
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 11.05.2013
Summary
Securimage-WP adds powerful CAPTCHA protection to comment forms on posts and pages to help prevent comment spam from getting onto your site.
Description
Securimage-WP suffers from a reflected XSS issue in 'siwp_test.php', which echoes the 'PHP_SELF' server variable into its HTML output. 'PHP_SELF' holds the request path as sent by the client, including any path info appended after the script name, so its value is attacker-controlled, and the affected script applies no filtering or output encoding to it before printing it. An attacker can therefore craft a link to 'siwp_test.php' with HTML or script code appended to the path and, once a user opens it, execute arbitrary HTML and script code in that user's browser session.
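The following is an added illustration of the PHP_SELF reflection pattern the advisory describes, not the plugin's own siwp_test.php (the exact markup that script emits is an assumption here). It sets a constructed PHP_SELF value of the kind Apache produces when path info is appended to a script URL, renders a form the unsafe way and two safe ways, and checks which outputs still contain a script tag. It runs stand-alone from the command line.

```php
<?php
// Added example: generic PHP_SELF reflected-XSS pattern and two fixes.
// Not code from Securimage-WP; the form markup below is an assumption.
// Run with: php self_xss_demo.php

// Constructed request path. On Apache, PHP_SELF is SCRIPT_NAME plus the
// URL-decoded PATH_INFO, so everything after "siwp_test.php" comes from
// the client and reaches the script verbatim.
$_SERVER['PHP_SELF'] = '/wp-content/plugins/securimage-wp/siwp_test.php'
    . '/"><script>alert(1)</script><"';

// Vulnerable pattern: PHP_SELF concatenated into an attribute with no
// encoding. The payload closes the action attribute and the form tag,
// then injects its own element.
function render_form_vulnerable(): string
{
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">' . "\n"
        . '  <input type="text" name="captcha_code">' . "\n"
        . '</form>';
}

// Fix 1: encode for the HTML attribute context. Quotes and angle brackets
// become entities, so the value cannot break out of the attribute.
function render_form_encoded(): string
{
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $self . '">' . "\n"
        . '  <input type="text" name="captcha_code">' . "\n"
        . '</form>';
}

// Fix 2 (preferred): do not reflect the request path at all. An empty
// action submits back to the current URL, and no client-controlled bytes
// enter the markup. A fixed, server-side known path works equally well.
function render_form_no_reflection(): string
{
    return '<form method="post" action="">' . "\n"
        . '  <input type="text" name="captcha_code">' . "\n"
        . '</form>';
}

// Whether a live <script> tag survived in the rendered page.
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$variants = [
    'vulnerable'    => render_form_vulnerable(),
    'encoded'       => render_form_encoded(),
    'no_reflection' => render_form_no_reflection(),
];

$failures = 0;
foreach ($variants as $name => $html) {
    $injected = contains_script_tag($html);
    printf("--- %s (script tag present: %s) ---\n%s\n\n",
        $name, $injected ? 'yes' : 'no', $html);
    // Only the vulnerable variant should carry the payload as live markup.
    if ($injected !== ($name === 'vulnerable')) {
        $failures++;
    }
}

exit($failures === 0 ? 0 : 1);
```

Percent-encoding the payload in the link does not protect the victim in this pattern, because Apache decodes PATH_INFO before PHP builds PHP_SELF; the encoding has to happen at output, as in the second variant, or the reflection has to be removed, as in the third. The same check applies to any script that prints PHP_SELF, REQUEST_URI or PATH_INFO into HTML.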
Vendor
Securimage PHP CAPTCHA - https://wordpress.org/extend/plugins/securimage-wp/
Affected Version
3.2.4
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a
Vendor Status
[24.04.2013] Vulnerability discovered.
[24.04.2013] Contact with the vendor.
[24.04.2013] Vendor promises patch.
[10.05.2013] No reply from the vendor.
[11.05.2013] Public security advisory released.
PoC
securimage_wp_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2013050098
[2] http://www.securityfocus.com/bid/59816
[3] http://secunia.com/advisories/53376/
[4] http://www.osvdb.org/show/osvdb/93259
[5] http://packetstormsecurity.com/files/121588
[6] http://xforce.iss.net/xforce/xfdb/84186
[7] https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/securimage-wp/securimage-wp-plugin-351-reflected-cross-site-scripting
[8] https://exchange.xforce.ibmcloud.com/vulnerabilities/84186
[9] https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-securimage-wp-cross-site-scripting-3-2-4/
[10] https://wordpress.org/plugins/securimage-wp/#developers
[11] https://plugins.trac.wordpress.org/changeset/729639
Changelog
[11.05.2013] - Initial release
[13.05.2013] - Added reference [1], [2] and [3]
[14.05.2013] - Added reference [4], [5] and [6]
[16.12.2022] - Added reference [7], [8], [9], [10] and [11]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk