Hello 3APA3A!
in 2010 I've disclosed multiple vulnerabilities (Cross-Site Scripting and Full path disclosure) in WordPress plugin WP-UserOnline (http://securityvulns.ru/Ydocument162.html, http://seclists.org/fulldisclosure/2010/Jul/8). And recently I've disclosed the exploit for persistent XSS vulnerability in WP-UserOnline. It must be interesting for those who want to test this vulnerability.
Exploit:
http://websecurity.com.ua/uploads/2012/WP-UserOnline.txt
This perl exploit I've developed at 26.04.2010.
As I've wrote earlier, vulnerable are WP-UserOnline 2.62 and previous versions. After my informing the developer released WP-UserOnline 2.70 (at 07.05.2010). In version 2.70 he fixed XSS, but not Full path disclosure vulnerabilities.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua