wp-plugin : wp-lightpop | Code Vigilant : to err is human.. To fix is Humanity

wp-plugin : wp-lightpop
Plugin Details

Plugin Name: wp-plugin : wp-lightpop

Effected Version : 0.8.5.6 (and most probably lower version's if any)

Vulnerability : Components with Known Vulnerabilities

Identified by : prajalkulkarni

WPScan Reference URL

Technical Details

Minimum Level of Access Required : Unauthenticated

PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/plugins/wp-lightpop/mediaplayer.swf?file=http://nmap.org/images/sitelogo.png

Disclosure Timeline

Vendor Contacted : 2013-12-13

Plugin Status : Updated on 2014-01-11

Public Disclosure : May 25, 2014

CVE Number :

Plugin Description :

[|
    	WP-lightpop plugin is used to overlay images and videos (YouTube, Dailymotion, nicovideo...) on the current page.
    
    = Localization =
    
    * Japanese (ja) - [OKAMOTO Wataru](http://dogmap.jp/ "dogmap.jp") (plugin author)
    * Turkish (tr_TR) - [Hakan Demiray](http://www.dmry.net/ "Günlük Haftalık Aylık")
    
    If you have translated into your language, please let me know.	
]