___________________________________________________
|
| Exploit Title: WordPress cool-flickr-slideshow Plugin Cross Site Scripting (XSS)
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage: https://wordpress.org/plugins/cool-flickr-slideshow/
| Software Link: https://downloads.wordpress.org/plugin/cool-flickr-slideshow.1.0.zip
| Version: 1.0
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux / FireFox
|__________________________________________________

Exploit :
" />
__________________________________________________

Vulnerable File : /wp-content/plugins/cool-flickr-slideshow/flickr_gallery_admin.php

Vulnerable code:

line 154 :

line 185 :

line 186 :

__________________________________________________

#patch: To fix this vulnerability, use the htmlspecialchars() function.
__________________________________________________

Discovered By : M.R.S.L.Y
__________________________________________________
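
The htmlspecialchars() fix named above, as an added example that is not code from the plugin or from the advisory author. The plugin's vulnerable lines are not reproduced on this page, so the field name `flickr_id`, the helper `attr()` and both render functions are hypothetical, and the value is assumed to be echoed into an HTML attribute.

```php
<?php
// Added example: all names here are hypothetical, not taken from the plugin.

// Unsafe: the value is written into the attribute verbatim, so a double quote
// inside it ends the attribute and the remainder is parsed as markup.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Hardened: encode for the HTML-attribute context. ENT_QUOTES covers both quote
// characters (single quotes are not encoded by default before PHP 8.1);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '" />';
}

// Constructed sample input: a harmless value holding both quote characters and a tag.
$sample = 'x" data-a=\'1\'><b>broke out</b>';

echo render_field_unsafe('flickr_id', $sample), PHP_EOL;
echo render_field_safe('flickr_id', $sample), PHP_EOL;

// Self-check: the encoded value must contain no raw quote or angle bracket.
$encoded = attr($sample);
foreach (['"', "'", '<', '>'] as $ch) {
    if (strpos($encoded, $ch) !== false) {
        throw new RuntimeException("unencoded character: $ch");
    }
}
```

Inside WordPress, `esc_attr()` is the core helper for this attribute context and `esc_html()` for element content.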