5 matches found
WordPress 4.5.x < 4.5.23 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class.
- A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.
- A...
WordPress Car Rental System 1.3 Cross Site Scripting
Exploit Title: WordPress Car Rental System 1.3 XSS Vulnerability Google Dork: N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/car-rental-system-wordpress-plugin/4239755?srank=3 Version: 1.3 Tested on: 5.4.0-kali4-amd64...
WordPress 4.5.x < 4.5.13 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...
Google Authenticator <= 0.47 - Two Factor Authentication Bypass
WordPress 4.5 introduced the ability to log in with an email address instead of a username. Google Authenticator v0.47 wasn't aware of the new feature, and didn't properly handle the case where an email address was used instead of a username. Using an email address would allow an attacker with a...