47 matches found
Vulnerability analysis: WordPress image plugin Fancybox-For-WordPress vulnerability leads to mass site compromise - vulnerability warning - the black bar safety net
Fancybox For WordPress is a popular WordPress image plugin that displays your WordPress images in a pop-up viewing interface with a rich overlay effect. Last week security researchers found that a number of WordPress blogs had been compromised in bulk, and what these blogs have in common is to...
WordPress Platform Theme Remote Code Execution Exploit
The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from its temp filename with PHP's include function. This module requires Metasploit: http://metasploit.com/download Current source:...
WordPress Platform Theme File Upload Vulnerability
The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from its temp filename with PHP's include function. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...
Wordpress MailPoet (wysija-newsletters) Unauthenticated file Upload
The WordPress plugin "MailPoet Newsletters" wysija-newsletters before 2.6.7 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme functionality to upload a zip file containing the payload. The plugin used the admin_init hook without knowing the hook is also executed...
Critical Vulnerability in Wordpress Plugin Could Allow Site Takeover
WordPress users that have a popular plugin installed are being cautioned to upgrade immediately. A vulnerability in the plugin, MailPoet, could essentially allow an attacker to take over any site running it without authentication. MailPoet, formerly Wysija, allows developers running WordPress to...
Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
The WordPress plugin "MailPoet Newsletters" wysija-newsletters before 2.6.8 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme functionality to upload a zip file containing the payload. The plugin uses the admin_init hook, which is also executed for unauthenticated...