5 matches found
CVE-2017-1002008
CVE-2017-1002008 affects the WordPress plugin membership-simplified-for-oap-members-only v1.58. The vulnerability is in the file download.php, which does not verify that a user is logged in or has download privileges, enabling an attacker to obtain arbitrary files. Public writeups and advisories ...
Larry's Cabinet of Web Vulnerability Curiosities
One of my responsibilities as a member of the Akamai Security Intelligence Response Team SIRT is to research new web application vulnerabilities. For the last year, I have focused on Wordpress plugin vulnerabilities, and looking for any interesting code tidbits in my box of Wordpress toys. There...
WordPress Membership Simplified 1.58 Arbitrary File Download
import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v1.58 - Arbitrary File Download\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir...
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download
import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v1.58 - Arbitrary File Download\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir...
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v1.58 - Arbitrary File...