# Exploit Title: WordPress - Beer Recipes v.1.0 XSS
# Google Dork: -
# Date: June / 25 / 2011
# Author: TheUzuki.'
# Software Link: http://opensourcebrew.org/beer-recipes-plugin/
# Version: v.1.0
# Tested on: Windows 7
# CVE : -
####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# download: http://opensourcebrew.org/beer-recipes-plugin/
#
# Author: TheUzuki.' from HF
# mail: uzuki[@]live[dot]de
#
#
# This was written for educational purposes. Use it at your own risk.
# Author will not be responsible for any damage.
#
####################################################################
#
# Notes: You need to be a user on the WordPress board
#
####################################################################

--Description of WordPress Plugin--
Creates a custom post type for easily entering beer recipes into WordPress.

--Exploit--
When a user comments on a beer recipe and the comment contains JavaScript, the script gets executed directly when the comment is displayed.
This causes an XSS.

--PoC--
<script>alert(document.cookie)</script>
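
For maintainers fixing this class of bug, the following added example (not the plugin's code and not from the advisory author) contrasts a comment renderer that echoes the stored body as-is with one that encodes it on output, using the PoC string above as input. The function names and the `subscriber` author value are hypothetical; it is plain PHP so it runs without WordPress.

```php
<?php
// Added example: hypothetical renderers, not taken from the Beer Recipes plugin.

// Vulnerable pattern: the stored comment body is concatenated into the page
// unchanged, so any markup it contains becomes part of the document.
function render_comment_unsafe(string $author, string $body): string
{
    return "<li class=\"comment\"><cite>$author</cite><p>$body</p></li>";
}

// Hardened pattern: encode every user-controlled value at output time for the
// HTML-text context. Inside a WordPress plugin, esc_html() plays this role.
function render_comment_safe(string $author, string $body): string
{
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<li class="comment"><cite>' . $e($author) . '</cite><p>'
        . $e($body) . '</p></li>';
}

// Regression check a plugin test suite could run on rendered output:
// no raw <script> tag originating from a comment may survive.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// PoC string from this advisory, used here as the test input.
$poc = '<script>alert(document.cookie)</script>';

$unsafe = render_comment_unsafe('subscriber', $poc);
$safe   = render_comment_safe('subscriber', $poc);

// Report whether each rendering still carries a live script tag.
printf("unsafe rendering contains raw script: %s\n",
    var_export(contains_raw_script($unsafe), true));
printf("safe rendering contains raw script:   %s\n",
    var_export(contains_raw_script($safe), true));

// The encoded form is displayed as text by the browser instead of executed.
echo $safe, PHP_EOL;
```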