Exploit TItle: My Calendar 2.4.10 CSRF and XSS Exploit Author : Mysticism (Ahn Sung Jun) Date : 2015-11-06 Vendor Homepage : http://wordpress.org/plugins/my-calendar Software Link : https://downloads.wordpress.org/plugin/my-calendar.2.4.10.zip Version : 2.4.10 Tested On : kail linux Iceweasel =================== Vulnerable Code : my-calendar-categoris.php if ( isset( $_POST['mode'] ) && $_POST['mode'] == 'add' ) { $term = wp_insert_term( $_POST['category_name'], 'mc-event-category' ); if ( ! is_wp_error( $term ) ) { $term = $term['term_id']; } else { $term = false; } $add = array( 'category_name' => $_POST['category_name'], 'category_color' => $_POST['category_color'], 'category_icon' => $_POST['category_icon'], 'category_private' => ( ( isset( $_POST['category_private'] ) ) ? 1 : 0 ), 'category_term' => $term ); } POC (CSRF & XSS) Discovered By Mysticism(Ahn Sung Jun)