[+] Exploit Title : Wordpress Googmonify Plug-in XSS/CSRF
[+] Exploit Author : Ehsan Hosseini
[+] Date: 2015-08-21
[+] Vendor Homepage : https://wordpress.org/plugins/googmonify/
[+] Software Link : https://downloads.wordpress.org/plugin/googmonify.zip
[+] Version : 0.8.1
[+] Tested On : Windows FireFox
[+] CVE : N/A
===============================
Vulnerable Code : googmonify.php - Line 190,194,208
===============================
Exploit 1 (Just CSRF):
Exploit 2 (CSRF & XSS):
===============================
Patch : googmonify.php - Line 190,194,208
===============================
Discovered By : Ehsan Hosseini.