WordPress WPQA - Builder forms Addon plugin < 5.2 - Arbitrary Profile Picture Deletion via IDOR vulnerability

Arbitrary Profile Picture Deletion via IDOR vulnerability discovered by Binit Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...

handymantravels.co.in Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1206455 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

easycron.com Cross Site Scripting vulnerability

Security Researcher binit Helped patch 17 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting easycron.com website and its users. Following coordinated and...

NASA NODIS Cross Site Scripting

Cross-site Scripting XSS Vulnerability in NASA through User Agent - Binit Ghimire As of October 19, 2019, there exists a Reflected Cross-site Scripting XSS vulnerability in a sub-domain of the official NASA website as a result of the User Agent HTTP request header getting displayed in the webpage...

vim.org Cross Site Scripting vulnerability

Security Researcher binit Helped patch 17 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting vim.org website and its users. Following coordinated and...