wp-plugin : gdeslon-affiliate-shop

Plugin Details
Plugin Name: wp-plugin : gdeslon-affiliate-shop
Affected Version : 2 (and most probably lower versions, if any)
Vulnerability :
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/wp-plugs/gdeslon-affiliate-shop/go.php?url=http://www.google.com


Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
http://blog.gdeslon.ru/2012/02/wordpress-plagin-dlya-partnerskogo-magazina-2-0/
http://blog.gdeslon.ru/2011/09/plagin-dlya-sozdaniya-partnyorskogo-internet-magazina/
http://www.gdeslon.ru/affiliate-examples/xml-files
Theme for the plugin: http://plugins.svn.wordpress.org/gdeslon-affiliate-shop/trunk/themes/GdeSlon-affiliate-shop-theme-begi.zip
ATTENTION! Since version 2.0, the plugin requires the Woocommerce plugin (http://wordpress.org/plugins/woocommerce/) to be installed and uses Woocommerce themes.
Questions and suggestions: info at gdeslon.ru