wp-plugin : shortcode-ninja

Plugin Details
Plugin Name: wp-plugin : shortcode-ninja
Affected Version : 1.4 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4550
Plugin Description :
Preview and customize WooThemes shortcodes before inserting them. This plugin adds the Shortcode Ninja button to the Visual Editor. Click on the Ninja button and pick one of the many WooThemes shortcodes from the list. You can set shortcode attributes and see a preview of the result before inserting the shortcode into the post. The active theme must be from WooThemes.com (http://www.visualshortcodes.com/woothemes) with a recent version of the WooFramework installed.

= List of Features =

* **All Shortcodes In One Place** No need to memorize all shortcodes. Access all 18 built-in WooThemes shortcodes from the Ninja Button in the Visual Editor.
* **Live Preview** Customized shortcode or the default look – either way you see a preview of what the result will look like in the post.
* **Create Column Layouts Like a Pro** Decide how many columns you want. Click on the different column sizes to add them. Insert. Done.
* **Automatic Link Validation** Gone are the days of broken download links! Ninja link validation is included.
* **Works with all themes from WooThemes.com** WooThemes are based on the WooFramework. The framework comes with a huge set of shortcodes to create buttons, info boxes, column layouts, social buttons, and more.

= Note =

Plugin was tested with WordPress version 2.9.2 to 3.0.1, but may work with older versions, too.