670 matches found
WordPress XO Security plugin <=1.5.2 - Persistent Cross-Site Scripting (XSS) vulnerability
A persistent Cross-Site Scripting (XSS) vulnerability was found in version 1.5.2 of the WordPress XO Security plugin. The password is not sanitized in the failedlogin function. Solution: Update the plugin...
WordPress Image Slider 1.1.41 / 1.1.89 Arbitrary File Deletion
Details: Software: Image Slider; Version: 1.1.41, 1.1.89; Homepage: http://wordpress.org/plugins/image-slider-widget/; Advisory report: https://security.dxw.com/advisories/arbitrary-file-deletion-vulnerability-in-image-slider-allows-authenticated-users-to-delete-files/; CVE: Awaiting...
WordPress iThemes Security Plugin <= 5.6.1 - Stored XSS
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
One Click Symbolic Execution: Ponce
Ponce (pronounced 'poN θe, pon-they) is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power of cutting-edge symbolic execution. Entirely writt...
WordPress iThemes Security Plugin Local File Access
A local file access vulnerability exists in WordPress iThemes Security Plugin. Successful exploitation of this vulnerability could allow an attacker to read and obtain backup and log files from the victim's computer...
WordPress Advanced Video 1.0 Plugin - Local File Inclusion
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation Google Dork: N/A Date: 04/01/2016 Exploit Author: evait security GmbH Vendor Homepage: arshmultani - http://dscom.it/ Software Lin...
WordPress User Meta Manager 3.4.6 Plugin - Privilege Escalation
Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
WordPress Google Captcha 1.05 Cross Site Scripting
Plugin Name : Google Captcha (reCAPTCHA) Affected Version : 1.05 and most probably lower versions if any Vulnerability : A3-Cross-Site Scripting (XSS) Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : The following fields put the...
Ethernet MAC Addresses
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list. TRUSTED...
WordPress Vertical Image Slider 1.0 CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title : Wordpress Vertical image slider CSRF/XSS Exploit Author: Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/wp-vertical-image-slider/ Software Link:...
A serious Wordpress 0 day exploit reverse engineering analysis-vulnerability warning-the black bar safety net
Just this past weekend, I found an interesting warning in my modsecurity logs, recording a network request submitted to my WordPress site. Although this request did not succeed, I decided to study it in depth and try to figure out what this request actually was, it...
Fedora Update for jenkins-script-security-plugin FEDORA-2015-5643
The remote host is missing an update for the...
WordPress Better WP Security Plugin <= 3.6.3 - XSS
This plugin is prone to an online backup storage currenttime function brute force disclosure vulnerability. Solution: Upgrade the plugin...
Fedora 21 : jenkins-script-security-plugin-1.13-2.fc21 / groovy-sandbox-1.8-1.fc21 / etc (2015-5637)
Fix CVE-2015-1806 SECURITY-125. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for jenkins-script-security-plugin FEDORA-2015-5637
The remote host is missing an update for the...
WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-login-fails.php SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. All In One WP Security & Firewall Plugin for WordPress is a WordPress security plugin. The All In One WP Security &...
WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-acct-activity.php SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. All In One WP Security & Firewall Plugin for WordPress is a WordPress security plugin. The All In One WP Security &...
All In One WP Security & Firewall vulnerable to cross-site request forgery
Overview: All In One WP Security & Firewall is a WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, access logs (404 events) maintained by the...
JVN#30832515: All In One WP Security & Firewall vulnerable to SQL injection
All In One WP Security & Firewall is a WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability (CWE-89). Impact: If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution: Update...
JVN#87204433: All In One WP Security & Firewall vulnerable to cross-site request forgery
All In One WP Security & Firewall is a WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, access logs (404 events) maintained by the product may ...