|Title: Reflected XSS in wordpress plugin simplified-content v1.0.0|
|Author: Larry W. Cashdollar, @_larry0|
|Download Site: https://wordpress.org/plugins/simplified-content|
|Vendor Notified: 2016-02-09|
|Vendor Contact: email@example.com, fixed v1.0.1|
|Plugin Name: simplified-content|
There is a reflected XSS vulnerability in the following php code ./simplified-content/ooawpframework/js/ajax/OOAAjax.js.php: 24: url: "<?php echo $_REQUEST["ajaxURL"]; ?>", The variable ajaxURL appears to send unsanitized data back to the users browser.
Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.