Default credentials
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally...
Cross-site request forgery (CSRF)
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belongs to the plugin; as a result, any authenticated user, such as a Subscriber, can delete arbitrary posts...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions prior to 1.7.8 of the Qubely plugin for WordPress, which...
WordPress Plugin Access Control Error Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An access control error vulnerability exists in versions prior to 1.2 of the WordPress plugin WP Post Page Clone...
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
PT-2022-9522 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor - Pro WordPress plugin versions prior to 5.0.7 Description: The issue concerns the lack of validation for the qvquery parameter in the tpgetdlpostinfoajax AJAX action. This could potentially allow...
Metasploit Wrap-Up
Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. PoC https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...
Orange Form <= 1.0 - SQL Injection via CSRF
In the plugin, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only an admin can access the page that invokes the function, but because of the lack of CSRF protection, it is still exploitable and could allow attackers...
WP Post Page Clone < 1.2 - Unauthorised Post Access
The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. PoC Go to All Posts, find the post to clone, click "Click to Clone" then edit the cloned post to see its content...
WordPress Popular Posts Remote Code Execution Vulnerability (CNVD-2021-102873)
WordPress is a blogging platform developed using the PHP language, which supports hosting personal blog sites on servers with PHP and MySQL. WordPress Popular Posts is a highly customizable widget for displaying the most popular posts. WordPress Popular Posts is vulnerable to remote code executio...
CVE-2021-24739
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
Design/Logic Flaw
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
WordPress Plugin Authorization Issue Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...
PT-2021-16240 · WordPress · Logo Carousel
Name of the Vulnerable Software and Affected Versions: Logo Carousel WordPress plugin versions prior to 3.4.2 Description: The issue allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
Wordpress Popular Posts Authenticated RCE
This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address 192/172/127/10. The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit...
WordPress Popular Posts 5.3.2 Remote Code Execution Exploit
This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address 192/172/127/10. The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit...
WordPress Get Custom Field Values Plugin Access Control Error Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values is an open source WordPress plugin. WordPress Get Custom Field Values...