Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop
secunia.com/advisories/48991
wordpress.org/extend/plugins/zingiri-web-shop/changelog/
www.exploit-db.com/exploits/18787
www.osvdb.org/81492
www.osvdb.org/81493
www.securityfocus.com/bid/53278
exchange.xforce.ibmcloud.com/vulnerabilities/75178
exchange.xforce.ibmcloud.com/vulnerabilities/75179