8769 matches found
WordPress site-offline plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress site-offline plugin prior to...
WP Paginate < 2.1.4 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Paginate WordPress plugin, version 2.1.3 and possibly below, was vulnerable to Stored Cross-Site Scripting (XSS) in the plugin's preset settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability. PoC: POST...
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35773
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress site-offline plugin prior to...
WordPress Epsilon Framework SSRF / Denial of Service
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting
Simple Social Buttons version 3.1.1 has a reflected Cross-Site Scripting vulnerability in the POST parameter "sharecounts". Both unauthenticated and authenticated attacks are possible. Edit (WPScanTeam): The original report stated the issue as being fixed in 3.2.0, however a CSRF nonce has been added...
WordPress Redux Framework <= 4.1.23 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability
Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability found by ErwanLR in WordPress Redux Framework versions 4.1.22 - 4.1.23. Solution: Update the WordPress Redux Framework to the latest available version (at least 4.1.24)...
WordPress Redux Framework plugin <= 4.1.20 - CSRF Nonce Validation Bypass vulnerability
CSRF Nonce Validation Bypass vulnerability discovered by Lenon Leite in WordPress Redux Framework plugin versions <= 4.1.20. Solution: Update the WordPress Redux Framework plugin to the latest available version (at least 4.1.21)...
Redux Framework < 4.1.21 - CSRF Nonce Validation Bypass
The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide. Just don't send the parameters: $_POST['nonce'] or...
Redux Framework 4.1.22 - 4.1.23 - CSRF Nonce Validation Bypass
The plugin re-introduced a CSRF bypass issue in v4.1.22, as the nonce is only checked if present in the request...
Redux Framework < 4.1.21 - CSRF Nonce Validation Bypass
The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide. PoC: Just don't send the parameters: $_POST['nonce'] or...
CVE-2020-7787
This affects all versions of package react-adal. A specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...
Salvoravida React-adal Authorization Issues Vulnerability
Salvoravida React-adal is a JavaScript library for interacting with Azure Active Directory, developed by the individual developer Salvoravida. react-adal suffers from an authorization issue vulnerability that stems from the fact that for specially designed JWT tokens and request URLs, it is possible to...
Media Library Assistant < 2.90 - Authenticated Blind SQL Injection
The Media Library Assistant WordPress plugin was affected by an authenticated (admin+) blind SQL injection vulnerability when there is at least one Custom Field Rule set in the plugin's options. PoC: There needs to be at least one Custom Field Rule in the plugin Custom Fields settings...
Media Library Assistant < 2.90 - Authenticated Blind SQL Injection
The Media Library Assistant WordPress plugin was affected by an authenticated (admin+) blind SQL injection vulnerability when there is at least one Custom Field Rule set in the plugin's options. There needs to be at least one Custom Field Rule in the plugin Custom Fields settings...
Secure File Manager < 2.8.2 - Authenticated Remote Command Execution
The Secure File Manager uses the elFinder libraries in an insecure way, allowing authenticated users to execute arbitrary file management commands. v2.6 attempted to fix the issue by adding a CSRF nonce, however the nonce is displayed for all users in the Dashboard via the Secure File Manager men...
WordPress Contextual Related Posts plugin <= 2.9.3 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability
Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability found by Lenon Leite in WordPress Contextual Related Posts plugin versions <= 2.9.3. Solution: Update the WordPress Contextual Related Posts plugin to the latest available version at least 2.9.3...