Advisory: WordPress Plugin 'AJAX Comment Page 3.25' Cross-site scripting vulnerability

Advisory ID: SSCHADV2013-006
Author: Stefan Schurtz
Affected Software: Successfully tested on AJAX Comment Page 3.25
Vendor URL: http://mr.hokya.com/ajax-comment-page/
Vendor Status: informed

==========================
Vulnerability Description
==========================

The parameter 'max' of the WordPress plugin 'AJAX Comment Page' is prone to an XSS vulnerability.

==================
PoC-Exploit
==================

http://[target]/wordpress/wp-content/plugins/ajax-comment-page/js.php?max=

=========
Solution
=========

// ajax-comment-page/js.php
max = ;

====================
Disclosure Timeline
====================

30-Mar-2013 - informed plugins@wordpress.org

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2013/SSCHADV2013-006.txt
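One defensive pattern for this class of bug, as an added example in PHP that is not the advisory's or the plugin's own code (the exact fix line in the Solution section is elided): validate the parameter as a bounded integer and emit it as a JSON literal into the script response. The $_GET key, the default and range values, and the variable name acp_max are assumptions for the example.

```php
<?php
// Added illustration, not the plugin's own code: hardened handling of a numeric
// query parameter ('max') that a PHP script reflects into generated JavaScript.
// The $_GET key and the default/range values are assumptions for this example.

declare(strict_types=1);

const MAX_DEFAULT = 10;   // assumed fallback when the parameter is absent or invalid
const MAX_UPPER   = 100;  // assumed upper bound for a sane page size

/**
 * Accept only a whole number within [1, MAX_UPPER]; anything else (including
 * strings carrying markup or script fragments) falls back to the default.
 */
function sanitize_max($raw): int
{
    if (!is_string($raw) && !is_int($raw)) {
        return MAX_DEFAULT;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_UPPER],
    ]);
    return $value === false ? MAX_DEFAULT : $value;
}

/**
 * Build the JavaScript body. The int type hint already guarantees a number;
 * json_encode() adds a second layer by always emitting a JavaScript literal,
 * so the value can never be interpreted as script syntax.
 */
function render_js(int $max): string
{
    return 'var acp_max = ' . json_encode($max) . ";\n";
}

// Serve as a script, not as HTML, so the browser never treats the response as markup.
header('Content-Type: application/javascript; charset=UTF-8');
header('X-Content-Type-Options: nosniff');
echo render_js(sanitize_max($_GET['max'] ?? null));
```

Requests with a non-integer or out-of-range max (for example any value containing markup) receive the default instead of having the input reflected.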