14 matches found
WordPress Easy Cookies Policy plugin <= 1.6.2 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by 0xB9 in WordPress Easy Cookies Policy plugin versions <= 1.6.2. Solution: This plugin has been closed as of April 28, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Popup by Supsystic plugin <= 1.10.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Popup by Supsystic plugin versions <= 1.10.4. Solution: Update the WordPress Popup by Supsystic plugin to the latest available version, at least 1.10.5...
WordPress Business Directory Plugin <= 5.11.1 - Arbitrary Listing Export vulnerability
Arbitrary Listing Export vulnerability discovered by 0xB9 in WordPress Business Directory Plugin versions <= 5.11.1. Solution: Update the WordPress Business Directory Plugin to the latest available version, at least 5.11.2...
WordPress Business Directory Plugin <= 5.10.1 - Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by 0xB9 in WordPress Business Directory Plugin versions <= 5.10.1. Solution: Update the WordPress Business Directory Plugin to the latest available version, at least 5.11...
WordPress Contact Form Check Tester plugin <= 1.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Contact Form Check Tester plugin versions <= 1.0.2. Solution: This plugin has been closed as of March 25, 2021 and is not available for download. This closure is permanent...
WordPress Database Backups plugin <= 1.2.2.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to backup download
Cross-Site Request Forgery (CSRF) vulnerability leading to backup download discovered by 0xB9 in WordPress Database Backups plugin versions <= 1.2.2.6. Solution: 2021-03-18 - we were unable to find a patched version of this plugin. WordPress.org plugin repository notice: "This plugin has been closed ...
MyBB Bans List 1.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Bans List - Cross Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=423 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14724 1...
FastTube 1.0.1.0 - Denial of Service (PoC)
Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new fi...
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting Date: 6/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=842 Version: 1.0 Tested on: Ubuntu 18.0...
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting
Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting Date: 6/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=842 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-11715 1. Description: Creates a page...
MyBB Moderator Log Notes 1.1 Cross Site Scripting
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows moderators to save notes and display them...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows moderators to save notes and display them...
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu...
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB My Arcade Plugin v1.3 - Persistent XSS Date: 2/21/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=411 Version: 1.3 Tested on:...