Plugin Details
Plugin Name: wp-plugin : wp-lightpop
Effected Version : 0.8.5.6 (and most probably lower version's if any)
Vulnerability : Components with Known Vulnerabilities
Identified by : prajalkulkarni
Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://127.0.0.1/wordpress/wp-content/plugins/wp-lightpop/mediaplayer.swf?file=http://nmap.org/images/sitelogo.png
Disclosure Timeline
Vendor Contacted : 2013-12-13
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
[|
WP-lightpop plugin is used to overlay images and videos (YouTube, Dailymotion, nicovideo...) on the current page.
= Localization =
* Japanese (ja) - [OKAMOTO Wataru](http://dogmap.jp/ "dogmap.jp") (plugin author)
* Turkish (tr_TR) - [Hakan Demiray](http://www.dmry.net/ "Günlük Haftalık Aylık")
If you have translated into your language, please let me know.
]