WordPress Persian Woocommerce SMS 3.3.2 XSS

`## FULL DISCLOSURE  
  
  
#Product :Persian-woocommerce-sms  
#Exploit Author : Rahul Pratap Singh  
#Version :3.3.2  
#Home page Link : https://wordpress.org/plugins/persian-woocommerce-sms/  
#Website : 0x62626262.wordpress.com  
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94  
#Date : 21/4/2016  
  
XSS Vulnerability:  
  
----------------------------------------  
Description:  
----------------------------------------  
"ps_sms_numbers" parameter is not sanitized that leads to XSS  
Vulnerability.  
  
----------------------------------------  
Vulnerable Code:  
----------------------------------------  
File Name: testfiles/persian-woocommerce-sms/lib/class.bulk.send.php  
  
Found at line:45  
value="<?php echo isset($_POST['ps_sms_numbers']) ?  
$_POST['ps_sms_numbers'] : '' ?>" style="direction:ltr; text-align:left;  
width:700px; max-width:100% !important"/><br/>  
  
  
----------------------------------------  
  
Fix:  
Update to 3.3.4  
  
Vulnerability Disclosure Timeline:  
→ March 14, 2016 – Bug discovered, initial report to Vendor.  
→ March 22, 2016 – No Response. Report sent again.  
→ March 23, 2016 – WordPress Acknowledged.  
→ April 21, 2016 – Full Disclosure.  
  
Pub Ref:  
https://0x62626262.wordpress.com/2016/04/21/persian-woocommerce-sms-xss-vulnerability/  
https://wordpress.org/plugins/persian-woocommerce-sms/changelog/  
`