######################################## #################### Title: wordpress ThinkIT plugin-CSRF/XSS # discoverer: Yashar shahinzadeh # Official Website: http://thinkoverit.com/# test environment: Linux & Windows, PHP 5.2.9 # affected versions: 0.1 ####################################### ######################### abstract ========= 1. CSRF-Delete a form2. Cross site scripting 1. CSRF-Delete a form: ============================== Contact form ID can be easily Understood from HTML page source, <input type = "hidden" value = "[ID]" name = "toit-form-id"> </input>, which [ID] is the form ID, following crafted exploit may be used so as to delete form completely: obviusly, ID must be replaced. 2. cross site scripting: ============================== http: // [WP]/wordpress/wp-admin/admin. php? Toitcf_current_id = [XSS] & page = toitcf/** Yasshar shahinzadeh **/