14 matches found
PT-2025-30228 · WordPress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.5 through 6.8.2. Description: WordPress versions 3.5 through 6.8.2 are susceptible to a flaw that allows remote attackers to determine the titles of private and draft posts through pingback.ping XML-RPC requests...
CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-10.fc36
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...
U.S. Dept Of Defense: xmlrpc.php file enabled at ██████.org
The XML-RPC API on WordPress allowed third-party applications and services to interact with WordPress sites, but it opened up two types of attacks: XML-RPC pingbacks and brute force attacks. The xmlrpc.php file was enabled on ██████.org, making it vulnerable to these attacks. Disabling or removin...
Ian Dunn: SSRF Possible through /wordpress/xmlrpc.php
Hello, I have found an SSRF in iandunn.name through the xmlrpc.php API. I understand you've said in the past that reports about this endpoint are junk, but this is in a function which isn't disabled by disabling the endpoint, as I can prove with a Proof-of-Concept. There is a function using...
WordPress Core < 5.3.x - (xmlrpc.php) Denial of Service Exploit
Exploit for php platform in category web applications !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries:...
Nord Security: xmlrpc.php file is enabled; it can be used for brute-force attacks and Denial of Service (DoS)
Hi Team, The website https://www.nordvpn.com has the xmlrpc.php file enabled and could thus potentially be used for such an attack against other victim hosts. WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. URL:...
GSA Bounty: xmlrpc.php file enabled - data.gov
WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. This website, www.data.gov, has the xmlrpc.php file enabled. Impact: This can be automated from multiple hosts and be used to cause a mass DDoS attack on the victim...
FormAssembly: xmlrpc.php file is enabled; it can be used for DoS and brute-force attacks
WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. The website https://www.formassembly.com/ has the xmlrpc.php file enabled and could thus potentially be used for such an attack against other victim hosts. In order ...
DEBIAN-CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
CVE-2010-5293
The vulnerability CVE-2010-5293 affects WordPress
WordPress <= 3.0.1
wp-includes/comment.php does not properly whitelist trackbacks and pingbacks in the blogroll. This allows attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. Solution: Update WordPress...
WordPress Update Fixes Malicious Author Vulnerability
An update to the popular WordPress blogging platform fixes a known security hole that could have enabled a malicious contributor to gain wider control over the blog to which he or she contributed. WordPress 3.0.2 was posted on Tuesday. The privilege escalation hole was described as of “moderate”...