WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection

Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass Time line: Found 07-Jun-2016, Vendor notified...

WordPress Ultimate Membership Pro 3.3 Plugin - SQL Injection

Exploit for php platform in category web applications Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass...

WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite

Vendor Homepage: http://aa-team.com/ Software Link: http://codecanyon.net/item/premium-seo-pack-wordpress-plugin/6109437?srank=2 Version: 1.9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Authenticated customer, subscriber wpoptions overwrite Time line: Found 05-Jun-2016, Vendor notified 05-Jun-201...

WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite

Vendor Homepage: Software Link: http://codecanyon.net/item/wordpress-social-stream/2201708?srank=15 Version: 1.5.15 Tested on: Debian 8, PHP 5.6.17-3 Type: Authenticated wpoptions overwrite Time line: Found 14-May-2016, Vendor notified 14-May-2016, Vendor fixed: v1.5.16 19/05/2016 Current Version...

WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting

Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS, Ability to overwrite any theme settings. Time line: Found 23-Apr-2016, Vendor...