3 matches found
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today, XML External Entity (XXE) vulnerabilities are still ubiquitous, even though recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities and...
WordPress 5.7 - (Media Library) XML External Entity Injection Authenticated Vulnerability
Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) Authenticated; Exploit Author: David Utón (M3n0sD0n4ld); Vendor Homepage: https://wordpress.com; Affected Version: WordPress 5.6-5.7 & PHP8; Tested on: Linux Ubuntu 18.04.5 LTS; CVE: CVE-2021-29447; #!/bin/bash Author:...
WordPress 5.7 < 5.7.1 / 5.6 < 5.6.3 / 5.5 < 5.5.4 / 5.4 < 5.4.5 / 5.3 < 5.3.7 / 5.2 < 5.2.10 / 5.1 < 5.1.9 / 5.0 < 5.0.12 / 4.9 < 4.9.17 / 4.8 < 4.8.16 / 4.7 < 4.7.20
WordPress 5.7 < 5.7.1 / 5.6 < 5.6.3 / 5.5 < 5.5.4 / 5.4 < 5.4.5 / 5.3 < 5.3.7 / 5.2 < 5.2.10 / 5.1 < 5.1.9 / 5.0 < 5.0.12 / 4.9 < 4.9.17 / 4.8 < 4.8.16 / 4.7 < 4.7.20 is affected by multiple vulnerabilities: - A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library...