11 matches found
Wordpress Pingback Locator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Pingback Locator', 'Description' = %q This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the...
Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS
No description provided by source. WP FuneralPress - stored xss in guestbook FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious...
CVE-2013-0237
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter...
WordPress 3.5.1 Cross Site Scripting
Hello list! These are Cross-Site Scripting vulnerabilities in WordPress, which I disclosed last week. At the WordPress 3.5.2 release, WP developers mentioned three holes as "security hardenings" to decrease their importance and to make it look like there were fewer fixed holes. One of these...
DEBIAN-CVE-2013-2173
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie...
CVE-2013-2173
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie...
Design/Logic Flaw
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie...
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
blackpentesters.blogspot.com...
Millions of WordPress sites exploitable for DDoS Attacks using Pingback mechanism
Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks (political, criminal, or social) makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS...
Wordpress Pingback Locator
This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the wordpress site to port scan an external target and return results. Refer to the wordpresspingbackportscanner module. This issue was fixed in wordpress 3.5.1. This module...