Advisory: WordPress Plugin 'Types 1.2.1.1' Cross-Site Request Forgery & Stored Cross-site scripting vulnerability Advisory ID: SSCHADV2013-005 Author: Stefan Schurtz Affected Software: Successfully tested on Types 1.2.1.1 Vendor URL: http://wordpress.org/extend/plugins/types/ Vendor Status: fixed CVE-ID: Requested ========================== Vulnerability Description ========================== The parameter 'skypename' of the WordPress plugin Types 1.2.1.1 is prone to a CSRF and stored XSS vulnerability ================== PoC-Exploit ==================