wp-plugin : podcasting

Plugin Details
Plugin Name: wp-plugin : podcasting
Affected Version : 3.0.8 (and most probably lower versions, if any)
Vulnerability : Components with Known Vulnerabilities
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/plugins/podcasting/player/mediaplayer.swf?file=http://nmap.org/images/sitelogo.png
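
A log check for the request pattern shown in the PoC, as an added example that is not part of the original advisory: it flags requests to the bundled mediaplayer.swf whose file parameter points at a host other than the site's own. The function name, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the bundled player, taken from the PoC URL on this page.
PLAYER_PATH = "/wp-content/plugins/podcasting/player/mediaplayer.swf"

# Assumed combined log format: client IP first, request line in quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def external_file_requests(log_lines, site_hosts):
    """Return (client_ip, file_value) for player requests whose `file`
    parameter names a host outside site_hosts."""
    allowed = {h.lower() for h in site_hosts}
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(PLAYER_PATH):
            continue
        # parse_qs percent-decodes values, so encoded URLs are caught too.
        for value in parse_qs(parts.query).get("file", []):
            # Absolute and scheme-relative (//host/...) values both carry a host.
            host = (urlsplit(value.strip()).hostname or "").lower()
            if host and host not in allowed:
                hits.append((client, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/May/2014:10:00:00 +0000] "GET /wordpress/wp-content/plugins/podcasting/player/mediaplayer.swf?file=http://nmap.org/images/sitelogo.png HTTP/1.1" 200 512',
    '203.0.113.6 - - [25/May/2014:10:00:05 +0000] "GET /wordpress/wp-content/plugins/podcasting/player/mediaplayer.swf?file=http%3A%2F%2Fblog.example%2Fep1.mp3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/May/2014:10:00:09 +0000] "GET /wordpress/wp-content/plugins/podcasting/player/mediaplayer.swf?file=%2F%2Fmedia.example.net%2Fa.flv HTTP/1.1" 200 512',
    '203.0.113.8 - - [25/May/2014:10:00:12 +0000] "GET /wordpress/?p=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in external_file_requests(SAMPLE_LOG, {"blog.example"}):
        print(client, value)
```

Pass the site's own hostnames as site_hosts; relative file values have no host and are not reported.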


Disclosure Timeline
Vendor Contacted : 2013-12-15
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
The Podcasting plugin by TSG brings complete podcasting support to WordPress. Podcasting will take a file from somewhere on the web (either your site or another site) and it will add it to an iTunes-based feed. Podcasting also includes a player allowing visitors to your site to view the file on the web.

= Features =
- Adds a dedicated Podcasting feed with full iTunes support
- Includes the ability to have multiple podcasting feeds based on file format or other factors
- Includes both an audio and video player for in-post listening/watching
- Fully integrates with any existing enclosures already stored in WordPress
- Offers a migration tool for users of podPress

For more information, visit the [Podcasting plugin site](http://podcastingplugin.com/).