wp-plugin : infusionsoft

Plugin Details
Plugin Name: wp-plugin : infusionsoft
Affected Version : 1.5.7 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :



Disclosure Timeline
Vendor Contacted : 2014-01-22
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4536
Plugin Description :
### The best Infusionsoft plugin for WordPress.

Easily add contacts into Infusionsoft when users submit a Gravity Forms form. Map your Gravity Forms form fields to Infusionsoft data, and have contacts automatically updated if the contact already exists.

#### Easily view contacts in Infusionsoft

When the Entry is created, a link to the Contact's page in Infusionsoft is shown inside WordPress.

### It's the best form plugin combined with the best CRM service.

Forget manually adding the Infusionsoft Web Forms into your WordPress site. Use Gravity Forms, and you'll be on your way with a beautiful, smart form in minutes.

#### Coming soon...

If this plugin garners much interest, there will be some seriously cool stuff coming, including:

* Invoices & Orders integrated with Gravity Forms payments
* Creation of Opportunities and Companies
* <s>Custom fields for Contacts</s> - Added in 1.2!
* <s>Add Tags to Contacts</s> - Added in 1.3!
* Add Contacts to Campaigns
* And much more

If you're interested in having this functionality, <strong>leave us a note in the support forum →!</strong>