WordPress Plugin Heroic Knowledge Base SQL Injection Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A SQL injection vulnerability exists in the WordPress plugin Heroic Knowledge Base. An...

WordPress Heroic Knowledge Base 3.0.1 SQL Injection

Exploit Title : wordpress Heroic Knowledge Base Plugin = 3.0.1 - sql injection Exploit Author : begininvoke Exploit Date : 2020-11-29 Vendor Homepage : https://herothemes.com + Proof Of Concept: ===================== Parameters id is vulnerable Methode POST POST /wp-admin/admin-ajax.php HTTP/1.1...

Heroic Knowledge Base 3.0.1 Cross Site Scripting

Exploit Title : Heroic Knowledge Base Plugin Methode POST POST /wp-admin/admin-ajax.php HTTP/1.1 Host: site.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:56.0 Gecko/20100101 Firefox/56.0 Waterfox/56.3 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...