Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities

[Henri Salo]

On Wed, Nov 23, 2011 at 07:54:15AM +0000, a...@irist.ir wrote:
> # Wordpress featurific-for-wordpress plugin Cross-Site Scripting 
> Vulnerabilities                                                         #
> #                                                                             
>                                                            #
> # Download......: Download......: 
> http://wordpress.org/extend/plugins/featurific-for-wordpress/                 
>                          #
> #                                                                             
>                                                            #
> # Bug Found.....: http://Aria-Security.Com/forum/                             
>                                                            #
> #                                                                             
>                                                            #
> # discovery.....: Am!r (IrIsT?)                                               
>                                                            #
> #                                                                             
>                                                            #
> # contact.......: Amir[at]IrIsT.ir                                            
>                                                            #
> #                                                                             
>                                                            #
> # Exploit.......: Exploit.......: 
> http://www.site.com/[path]/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=[xss]
>      #

Could not reproduce. Which version you used when you tested this? Error-message 
is given if I try your "exploit":

Featurific for Wordpress error: Invalid input.

- Henri Salo