46 matches found
WordPress Global Content Blocks 2.1.5 Cross Site Request Forgery
Cross-Site Request Forgery in Global Content Blocks WordPress Plugin. Yorick Koster, July 2016...
WordPress NewStatPress 1.2.4 Cross Site Scripting
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin. Han Sahin, July 2016...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract: A Cross-site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract: A persistent Cross-Site Scripting (XSS) vulnerability has been found in the WordPress NewStatPress plugin. By using this...
WordPress File Manager 3.0.1 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications. Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract: A Cross-Site Request Forgery (CSRF) vulnerability was found in the File Manager WordPress Plugin. Among others, this issue can be use...
WordPress Google Forms Plugin unauthenticated PHP Object injection vulnerability
Exploit for php platform in category web applications. Abstract: A PHP Object injection vulnerability was found in the Google Forms WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitrary PHP...
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection
Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability. Remco Vermeulen, July 2016...
WordPress Quotes Collection 2.0.5 Cross Site Scripting
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin. Yorick Koster, July 2016...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin. Abstract: A stored Cross-Site Scripting (XSS) vulnerability has been found in the WassUp Real Time...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin. Abstract: A stored...
WordPress WassUp Real Time Analytics 1.9 Cross Site Scripting
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin. Burak Kelebek, October 2016...
WordPress 404 to 301 Plugin 2.2.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityin404to301wordpressplugin.html Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin. Abstract: A stored Cross-Site Scripting vulnerability was fou...
WordPress WassUp Real Time Analytics 1.9 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin. Abstract: A stored Cross-Site Scripting (XSS)...
WordPress 4.5.3 - Directory Traversal Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers. Abstract: A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user (Subscriber) to...
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers. Abstract: A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user (Subscriber) to create a denial of service condition of an affected...
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin. Abstract: A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated...
WordPress Activity Log 2.3.2 Cross Site Scripting
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin. Edwin Molenaar, July 2016...
WordPress Contact Bank 2.1.21 Cross Site Scripting
Cross-Site Scripting in Contact Bank WordPress Plugin. Yorick Koster, July 2016...
WordPress Booking Calendar 6.2 Plugin - SQL Injection
Exploit for php platform in category web applications. SQL injection vulnerability in Booking Calendar WordPress Plugin. Abstract: An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected...
WordPress ALO EasyMail NewsLetter 2.9.2 Plugin - Cross-Site Request Forgery (Add/Import Arbitrary Su
Exploit for php platform in category web applications. Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin. Contact: For feedback or questions about this advisory mail us at sumofpwn at securify.nl. The Summer of Pwnage: This issue has been found during the Summer of Pwnage hacker...