This effects version 0.1 of abc-test the hole is fixed in version 0.2

---------
Affected products:
---------

Product : wordpress plugin abc-test
Affected file:	 abctest_config.php

----
Details:
----

The file abctest_config.php does not sanitize the input from $_GET ['id']
effectively. This allows a user to launch a cross site scripting attack
against this file. While the effectiveness of such an attack is somewhat
limited by the wordpress platform adding \ to quotes, it still may be
possible to inject cookie stealing objects (flash files for example).

Example code:

http://localhost/blog/wp-admin/admin.php?page=abctest&do=edit&id=%22%3E%3Ch1
%3EXSS%3C/h1

-------
Suggested fix:
-------

Sanitize the $_GET super global.

----
Timeline:
----

24-Sept-2012 Vendor and wordpress informed.
25-Sept-2012 Vendor confirmed the security issue and patched.
26-Sept-2012 Public release of the vulnerability, via the full disclosure
and
http://scott-herbert.com/blog/2012/09/26/xss-vulnerability-in-wordpress-plug
in-abc-test-1107