27 matches found
EUVD-2012-4208
Malware in sbrugna...
EUVD-2012-4207
Malware in sbrugna...
CVE-2012-4264
Multiple cross-site scripting XSS vulnerabilities in the Better WP Security betterwpsecurity plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263...
CVE-2020-36176
The CVE-2020-36176 affects the WordPress iThemes Security (formerly Better WP Security) plugin prior to version 7.7.0. The root issue is that the plugin does not enforce a new-password requirement for an existing account until the second login occurs, potentially leaving an account with a weak pa...
CVE-2018-12636
The CVE concerns WordPress iThemes Security (better-wp-security) plugin, prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...
XSSER - From XSS to RCE
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...
Wordpress Better-wp-security Plugin Remote Code Execution Vulnerability
Exploit for php platform in category web applications +++++++++++++++++++++ | + Exploit Title: Wordpress Better-wp-security Plugin Remote Code Execution | + Exploit Author: Tonel Team | + Vendor Homepage : https://wordpress.org/plugins/better-wp-security/ | + Download Link :...
WordPress Better WP Security Plugin <= 3.5.5 - Stored XSS
This plugin is prone to inc/admin/content.php idspecialfile parameter stored cross site scripting vulnerability. Solution Update the plugin...
WordPress Better WP Security Plugin <= 3.4.3 - Multiple XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Wordpress Plugin Better WP Security - Stored XSS
No description provided by source. ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren [email protected] Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better...
Better WP Security Plugin for WordPress Multiple XSS
The WordPress Better WP Security Plugin installed on the remote host is affected by multiple cross-site scripting XSS vulnerabilities : - The application fails to properly sanitize user-supplied input to the HTTPUSERAGENT header. CVE-2012-4263 - The application fails to properly sanitize...
WordPress Better WP Security 3.6.3 XSS / Disclosure Vulnerabilities
WordPress Better WP Security plugin version 3.6.3 suffers from information disclosure and cross site scripting vulnerabilities. Exploit Title: Wordpress Plugin - Better WP Security multiple vulnerability Date: 2014 11 Fabruary Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit...
WordPress Better WP Security 3.6.3 XSS / Disclosure
Exploit Title: Wordpress Plugin - Better WP Security multiple vulnerability Date: 2014 11 Fabruary Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: https://wordpress.org/plugins/better-wp-security/ Tested on: Lin...
NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE
======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren [email protected] Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...
Wordpress Better WP Security Plugin - Stored XSS Vulnerability
Richard Warren ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...
WordPress Plugin Better WP Security 3.4.83.4.93.4.103.5.23.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Better WP Security 3.4.83.4.93.4.103.5.23.5.3 - Persistent Cross-Site Scripting ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor...
WordPress Better WP Security Plugin - Stored XSS
Better WP Security plugins is prone to a stored XSS vulnerability that allow to steal cookies or gain privileged access to the affected site. Solution Update the plugin to 3.5.4 version...
Bit51 Better WP Security Plugin XSS / Command Execution
======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 Risk...
CVE-2012-4264
Multiple cross-site scripting XSS vulnerabilities in the Better WP Security betterwpsecurity plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263...
CVE-2012-4263
Cross-site scripting XSS vulnerability in inc/admin/content.php in the Better WP Security betterwpsecurity plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTPUSERAGENT header...