WordPress Plugin mb.miniAudioPlayer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress wp-miniaudioplayer plugin Arbitrary File Download Vulnerability

Exploit for php platform in category web applications http://victim.com/wp-content/plugins/wp-miniaudioplayer/mapdownload.php?fileurl=/etc/passwd baiemusic.fr/wp-content/plugins/wp-miniaudioplayer/mapdownload.php?fileurl=/etc/passwd...

WordPress miniAudioPlayer Plugin <= 1.3.8 - Cross Site Scripting

This plugin is prone to a maplayertinymce.php multiple parameter cross site scripting vulnerability. Solution Update the plugin...

miniAudioPlayer < 1.3.9 - maplayertinymce.php Multiple Parameter XSS

The mb.miniAudioPlayer – an HTML5 audio player for your mp3 files WordPress plugin was affected by a maplayertinymce.php Multiple Parameter XSS security vulnerability...

WordPress miniaudioplayer插件 /wp-content/plugins/wp-miniaudioplayer/map_download.php 任意文件下载漏洞

WordPress miniaudioplayer插件 /wp-content/plugins/wp-miniaudioplayer/mapdownload.php 文件中$fileurl参数是从GET方式获取的，外部可控，但是没有经过任何字符串的限制和过滤就直接readfile了，导致我们可以将$fileurl的参数赋成./../../../wp-config.php/. 就可以下载网站根目录下的wp-config.php文件了，里面存有mysql数据库的用户名和密码和一些加密数据，导致了信息泄露。 WordPress miniaudioplayer插件...

WordPress Miniaudioplayer Cross Site Scripting

Exploit Title : Wordpress wp miniaudioplayer Cross site scripting Vulnerability Exploit Author : Ashiyane Digital Security Team Google Dork: : inurl:/wp-content/plugins/wp-miniaudioplayer Date: 2013/09/24 all Version Vendor Homepage : http://wordpress.org Software link :...