wp-plugin : wp-lightpop

Plugin Details
Plugin Name: wp-plugin : wp-lightpop
Effected Version : 0.8.5.6 (and most probably lower version's if any)
Vulnerability : Components with Known Vulnerabilities
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/plugins/wp-lightpop/mediaplayer.swf?file=http://nmap.org/images/sitelogo.png


Disclosure Timeline
Vendor Contacted : 2013-12-13
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
[| WP-lightpop plugin is used to overlay images and videos (YouTube, Dailymotion, nicovideo...) on the current page. = Localization = * Japanese (ja) - [OKAMOTO Wataru](http://dogmap.jp/ "dogmap.jp") (plugin author) * Turkish (tr_TR) - [Hakan Demiray](http://www.dmry.net/ "Günlük Haftalık Aylık") If you have translated into your language, please let me know. ]