6150 matches found
WordPress 4.2.x < 4.2.25 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
Description This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WP_Query. http://wordpress.local/?static=1&order=asc...
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
Description This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WP_Query. PoC http://wordpress.local/?static=1&order=asc...
wordpress -- multiple issues
WordPress developers report: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS ...
WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts
WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts. So far we know that adding ?static=1 to a wordpress URL should leak its secret content. Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format...
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
So far we know that adding ?static=1 to a wordpress URL should leak its secret content. Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format. In this case, simply reversing the order of the returned elements...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
Code injection
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2016-11001
CVE-2016-11001 affects the WordPress plugin user-submitted-posts prior to 20160215. The vulnerability is described as XSS via the user-submitted-content field in the plugin. The connected documents reiterate the same description across NVD/Red Hat/other listings, with no explicit exploit details ...
Cross site request forgery (csrf)
The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location...
CVE-2016-10938
The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location...
PT-2019-5224 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...
WordPress Related Posts Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Related Posts is a plugin for adding related content. WordPress Related Posts plugin version 1.8.2 before the cross-site scripting...
Wordpress Event Tickets 4.10.7.1 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link:...
CVE-2015-9361
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9361
The CVE-2015-9361 entry concerns the WordPress Related Posts plugin (before 1.8.2). The vulnerability is a cross-site scripting (XSS) flaw triggered via add_query_arg() and remove_query_arg(), allowing injected client-side scripts. Affected component: Related Posts plugin for WordPress; root caus...
WordPress posts-in-page plugin path traversal vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. posts-in-page is a plugin for embedding posts in pages. A path traversal vulnerability exists in the WordPress posts-in-page plugin. T...
CVE-2017-18585
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal...