5785 matches found

CNNVD
added 2021/07/12 12:00 a.m., 4 views

WordPress Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A code injection vulnerability exists in the WordPress...

CVSS 6.1, AI score 5.5, EPSS 0.01651
Exploits: 1, References: 3
CNNVD
added 2021/07/12 12:00 a.m., 1 view

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. Smooth Scroll Page Up/Down Buttons WordPress plugin...

CVSS 4.8, AI score 5.2, EPSS 0.00206
Exploits: 2, References: 3
OSV
added 2021/07/09 2:15 p.m., 16 views

CVE-2021-32752

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...

CVSS 4.9, AI score 5
Exploits: 0, References: 2
CNVD
added 2021/07/09 12:00 a.m., 6 views

WordPress WP Customer Reviews Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WP Customer Reviews WordPress plugin before 3.5.6, which can ...

CVSS 4.8, AI score 5.8, EPSS 0.00186
Exploits: 2, References: 1
Japan Vulnerability Notes
added 2021/07/08 5:29 a.m., 2 views

WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery

Overview: WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" provided by realmag777 contains a cross-site request forgery vulnerability (CWE-352). Ryoma Nishioka of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this...

CVSS 8.8, AI score 6.6, EPSS 0.00147
Exploits: 0, References: 6
CNNVD
added 2021/07/07 12:00 a.m., 5 views

WordPress Path Traversal Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in WordPress Ninja Team Video Downloader for TikTok, which ste...

CVSS 7.5, AI score 7.4, EPSS 0.00913
Exploits: 0, References: 2
CNNVD
added 2021/07/06 12:00 a.m., 4 views

WordPress plugin Easy Cookies Policy Security Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in WordPress Easy...

CVSS 6.5, AI score 5.3, EPSS 0.0383
Exploits: 5, References: 6
CNNVD
added 2021/07/06 12:00 a.m., 3 views

WordPress Plugin Path Traversal Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. An authorization issue vulnerability exists in WordPress...

CVSS 9.8, AI score 6, EPSS 0.03013
Exploits: 2, References: 2
WPVulnDB
added 2021/07/05 12:00 a.m., 9 views

Woo MerchantX <= 1.0 - CSRF Bypass

The plugin does not properly check for CSRF in its merchantxstepOneaddBilling, merchantxstepOne and merchantxdeletePaymentMethod functions, allowing an attacker to make logged-in users call them and perform unwanted actions...

AI score 4.7
Exploits: 0, Affected Software: 1
WPVulnDB
added 2021/07/05 12:00 a.m., 10 views

Flash Games <= 2.2 - CSRF Bypass

The plugin does not properly check for CSRF in its cgwpsearchgame AJAX action, however we could not identify a risk associated with it...

AI score 2.3
Exploits: 0, Affected Software: 1
WPVulnDB
added 2021/07/03 12:00 a.m., 24 views

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise its input fields, leading to Stored Cross-Site Scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field. PoC: Step 1: Install and activate the plugin. Step 2: Go to Forms -> Add New...

CVSS 3.5, AI score 0.9, EPSS 0.00368
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB
added 2021/07/01 12:00 a.m., 26 views

WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Map Title before outputting it in the page, leading to a Stored Cross-Site Scripting issue by high-privilege users, even when the unfiltered_html capability is disallowed. PoC: Create a new map. Add an XSS payload to the title. Click "Show as map title". A...

CVSS 3.5, AI score 0.3, EPSS 0.00206
Exploits: 2, References: 2, Affected Software: 1
WPVulnDB
added 2021/06/30 12:00 a.m., 16 views

Strong Testimonials < 2.51.3 - Unauthorised AJAX Call

The plugin did not properly check for CSRF and authorisation in all the wpmtstaddfieldfunction functions, allowing unauthorised calls of the associated AJAX actions either by low-privilege users or via a CSRF attack. PoC: https://example.com/wp-admin/admin-ajax.php?action=wpmtstgetcatcount...

AI score 5
Exploits: 0, Affected Software: 1
WPVulnDB
added 2021/06/29 12:00 a.m., 19 views

Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection

The hndtstactioninstancecallback AJAX call of the plugin, available to any authenticated user, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. PoC: curl -i -s -k -X $'POST' \ -H...

CVSS 6.5, AI score 1.8, EPSS 0.00912
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB
added 2021/06/29 12:00 a.m., 19 views

Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections

The getgallerycategories and getgalleries functions in the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results DB calls, leading to SQL injection issues in the admin dashboard. PoC (sqlmap): python sqlmap.py -r r.txt -p orderby...

CVSS 6.5, AI score 0.3, EPSS 0.00532
Exploits: 2, Affected Software: 1
WPVulnDB
added 2021/06/29 12:00 a.m., 19 views

Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections

The getfblikeboxes function in the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results DB calls, leading to SQL injection issues in the admin dashboard. PoC (sqlmap): python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms...

CVSS 6.5, AI score 0.1, EPSS 0.00532
Exploits: 2, Affected Software: 1
WPVulnDB
added 2021/06/29 12:00 a.m., 19 views

Poll Maker < 3.2.1 - Authenticated Blind SQL Injections

The getpollcategories, getpolls and getreports functions in the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results DB calls, leading to SQL injection issues in the admin dashboard. PoC (sqlmap): python sqlmap.py -r r.txt -p order...

CVSS 6.5, AI score 0.1, EPSS 0.00567
Exploits: 2, Affected Software: 1
wpexploit
added 2021/06/28 12:00 a.m., 133 views

Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Steam Group Address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. Enter the following payload in the "Steam Group Address" setting of the plugin: "alert/XSS/...

CVSS 3.5, AI score 0.3, EPSS 0.00368
Exploits: 2
WPVulnDB
added 2021/06/28 12:00 a.m., 24 views

Yada Wiki < 3.4.1 - Contributor+ Stored XSS

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue. PoC: Create a wiki page (if one already exists, you can skip this step; the page can be a draft). Add this shortcode to a post/page, view it and move the mouse over...

CVSS 3.5, AI score 0.6, EPSS 0.0018
Exploits: 1, Affected Software: 1
wpexploit
added 2021/06/28 12:00 a.m., 113 views

Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its Delimiter option before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have a CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. Add the following paylo...

CVSS 4.3, AI score 0.1, EPSS 0.00099
Exploits: 2