# Exploit Title: Wordpress xPinner Lite CSRF/XSS
# Exploit Author: Ashiyane Digital security Team
# Vendor Homepage: https://wordpress.org/plugins/xpinner-lite
# Software Link: https://downloads.wordpress.org/plugin/xpinner-lite.zip
# Version: 2.2
# Tested on: windows 7 /FireFox
# Date: 2015-09-14
####################################################
#Exploit :
####################################################################
# Vulnerable File : /wp-content/plugins/xpinner-lite/xpinner-lite.php
# Vulnerable codes: Lines 145,150,156,158,169,173,177
[145] :
[150] :
[156] :
[158] :
[169] :
[173] :
[177] :
=================================
For Patch : You Should Use htmlspecialchars
For Example :
[145] :
##########################################################
discovered by : Amir.ght(Goldhack)
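
The htmlspecialchars fix recommended above, combined with a token check for the CSRF half of the title, shown as an added example that is not the plugin's code or the advisory author's. The field name pin_label, the helper functions and the sample value are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical settings field, not code from xpinner-lite.php.

// Stored value concatenated straight into an attribute: the unescaped pattern.
function render_field_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Same field with both interpolated values escaped for an HTML attribute.
// ENT_QUOTES covers single and double quotes; the charset is stated explicitly.
function render_field_safe(string $name, string $value): string {
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Per-session anti-CSRF token, embedded in the settings form as a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Save handler: refuses any POST that does not carry the session's token.
function save_settings(array &$session, array $post, array &$store): bool {
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf'])
        || !hash_equals($session['csrf'], $sent)) {
        return false; // cross-site forged request: nothing is written
    }
    $store['pin_label'] = (string)($post['pin_label'] ?? '');
    return true;
}

// Constructed sample data (arrays stand in for $_SESSION, $_POST and the options table).
$session = [];
$store   = ['pin_label' => ''];
$token   = csrf_token($session);
$value   = '"><script>alert(1)</script>'; // constructed attribute-breaking value

var_dump(save_settings($session, ['pin_label' => $value], $store));                   // no token
var_dump(save_settings($session, ['pin_label' => $value, 'csrf' => $token], $store)); // valid token

echo render_field_unsafe('pin_label', $store['pin_label']), "\n";
echo render_field_safe('pin_label', $store['pin_label']), "\n";
```

Inside WordPress the same two controls are available as esc_attr() for attribute output and wp_nonce_field() with check_admin_referer() for the form token.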