|Title: Reflected XSS in WordPress plugin aoringo-log-maker v0.1.3|
|Author: Larry W. Cashdollar, @_larry0|
|Download Site: https://wordpress.org/plugins/aoringo-log-maker|
|Vendor Notified: 2016-02-09|
|Vendor Contact: email@example.com|
|Plugin Name: aoringo-log-maker|
There is a reflected XSS vulnerability in the following PHP code:

./aoringo-log-maker/aoringo_log_maker.php:
122: <!-- order = <?php echo $_POST['order']; ?>, striped = <?php echo stripslashes($_POST['order']); ?>, saved = <?php get_option('fjscp_order'); ?> -->

The variable order appears to send unsanitized data back to the user's browser via a POST request.
|CVE-ID: Not Released|
The exploit was derived from the first vulnerable parameter that appears in the code; there could be more in the code shown above.
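
Since more parameters may be affected, the following source-audit sketch lists every PHP block that echoes a request variable without an escaping wrapper. It is an added example, not part of the original advisory or the plugin. The first sample line is line 122 as quoted above; the other sample lines and the function name find_unescaped_output are constructed for illustration.

```python
import re

# One <?php ... ?> or <?= ... ?> block per match; blocks spanning several
# lines are not handled by this line-based sketch.
PHP_BLOCK = re.compile(r"<\?(php|=)(.*?)\?>")
REQUEST_VAR = re.compile(
    r"\$_(GET|POST|REQUEST|COOKIE)\s*\[\s*['\"]([^'\"]+)['\"]\s*\]")
# Wrappers treated as making the value safe to print (WordPress and PHP core).
# stripslashes() is deliberately absent: it does not encode HTML.
ESCAPER = re.compile(
    r"\b(esc_html|esc_attr|esc_js|esc_url|esc_textarea|"
    r"htmlspecialchars|htmlentities|intval|absint)\s*\(")

# Line 1 is line 122 from the advisory; lines 2-4 are constructed.
SAMPLE = r'''<!-- order = <?php echo $_POST['order']; ?>, striped = <?php echo stripslashes($_POST['order']); ?>, saved = <?php get_option('fjscp_order'); ?> -->
<input name="order" value="<?php echo esc_attr($_POST['order']); ?>">
<p><?= $_GET['page_title'] ?></p>
<?php $order = $_POST['order']; ?>
'''

def find_unescaped_output(source):
    """Return (line number, variable, PHP statement) for each request
    variable printed without an escaping wrapper in front of it."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for opener, body in PHP_BLOCK.findall(line):
            # Only blocks that print something are output sinks.
            is_output = opener == "=" or re.match(r"\s*(echo|print)\b", body)
            if not is_output:
                continue
            for var in REQUEST_VAR.finditer(body):
                # Heuristic: an escaper call opened before the variable
                # is assumed to wrap it.
                if ESCAPER.search(body[:var.start()]):
                    continue
                name = "$_%s['%s']" % var.groups()
                findings.append((lineno, name, body.strip()))
    return findings

if __name__ == "__main__":
    for lineno, name, stmt in find_unescaped_output(SAMPLE):
        print("line %d: %s printed unescaped: %s" % (lineno, name, stmt))
```

The check does not follow a request value through an intermediate variable (constructed line 4), so a clean result is not proof that a file is free of reflected output.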