WordPress Plugin Photo Gallery 1.5.34 - SQL Injection

Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...

WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting

WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link:...