WordPress Live Wire Theme - Remote Code Execution

There are a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...

IL и XSS уязвимости во многих темах для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Information Leakage и Cross-Site Scripting уязвимостях во многих темах для WordPress. В разных шаблонах имеется test.php - скрипт с phpinfo - что приводит к Information Leakage утечка FPD и другой важной информации о сервере и XSS в PHP 4.4.1,...

WordPress WooThemes Live Wire theme - Cross-Site Scripting

WordPress WooThemes Live Wire theme is prone to a cross-site scripting vulnerability. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also...

Уязвимости в темах Live Wire 2.0 и Live Wire Style для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в темах Live Wire 2.0 и Live Wire Style для WordPress. Это ещё две темы, которые вместе с Live Wire Edition входят в серию Live Wire. Это коммерческ...

Уязвимости в TimThumb и во многих темах для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в TimThumb и во многих темах для WordPress. Уязвимыми являются TimThumb и все веб приложения в частности темы для WordPress, которые его используют...

Live Wire 2.0 For WordPress Cross Site Scripting / Denial Of Service

Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in Live Wire 2.0 and Live Wire Style themes for WordPress. These are another two themes which are a part of Live Wire series together with Live Wire Editio...

Уязвимости в теме Live Wire Edition для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме Live Wire Edition для WordPress. Это коммерческий шаблон для WP. XSS WASC-08:...

WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities

WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/47299/info Live Wire for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, an...

WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/47299/info Live Wire for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability. Exploiting these...

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in Live Wire Edition theme for WordPress. It's commercial theme for WP by WooThemes. ------------------------- Affected products: -------------------------...

WordPress Live Wire Theme 2.3.1 - Multiple Security Vulnerabilities

There are several vulnerabilities in this theme. These vulnerabilities include multiple denial-of-service vulnerabilities, information-disclosure and cross-site scripting vulnerabilities. The issues allow attackers to deny service to legitimate users, execute arbitrary script code, steal...