6 matches found
WordPress Revolve theme <= 1.3.1 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi (Patchstack) in WordPress Revolve theme versions <= 1.3.1. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Revolve theme <= 1.3.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Revolve theme versions <= 1.3.1. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Revolve theme <= 1.3.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Revolve theme versions <= 1.3.1. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
revolve.com XSS vulnerability
Open Bug Bounty ID: OBB-408080

Description | Value
---|---
Affected Website: | revolve.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...
revolve.com XSS vulnerability
Vulnerable URL: http://www.revolve.com/tops/br/db773d/?"'--! XANY

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 7153
VIP website status: | Yes
Check revolve.com SSL connection: | ...
revolve.com XSS vulnerability
Vulnerable URL: http://www.revolve.com/tops/br/db773d/?"'--!confirmOPENBUGBOUNTY//...