22 matches found
Exploit for OS Command Injection in Gnu Bash
AppAssault Lab — Attacking Common Applications...
CVE-2025-53284 WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through <= 1.1...
CVE-2025-53284
CVE-2025-53284: Missing Authorization vulnerability in the WordPress plugin CMS Blocks (versions n/a–1.1) due to incorrectly configured access control. This may allow an attacker with low privileges to access restricted resources over the network, with high impact on confidentiality but no state...
WordPress plugin Base64 Encoder/Decoder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress CMS Commander Plugin <= 2.287 is vulnerable to Broken Access Control
Software CMS Commander Type Plugin Vulnerable versions <= 2.287 Fixed in 2.288 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3325 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 74937eb26e46 Credits Lana Codes Required privilege...
CVE-2023-25452 WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty prettyboymp CMS Press plugin <= 0.2.3 versions...
WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)
Software CMS Press Type Plugin Vulnerable versions <= 0.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2023-25452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 688d89a4ffb8 Credits Prasanna V Balaji Required...
Adsense abused: 11,000 sites hacked in a backdoor attack
By Waqas. All infected websites are using the WordPress CMS. This is a post from HackRead.com. Read the original post: Adsense abused: 11,000 sites hacked in a backdoor attack...
Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of...
WordPress-Brute-Force - Super Fast Login WordPress Brute Force
WordPress Brute Force Super Fast Login. WpCrack Brute Froce Tool™ usage: python WpCrack.py options optional arguments: -h, --help show this help...
ProjectOpal - Stealth Post-Exploitation Framework For Wordpress
Stealth post-exploitation framework for WordPress CMS. Official ProjectOpal Repository. What is it and why was it made? We intentionally made it for our penetration testing jobs, however it's getting grey hairs now so we thought we would like to pass it on to the public! ProjectOpal or Opal. Is a...
WordPress 3.7.x < 3.7.27 Arbitrary File Deletion
According to its self-reported version number, the detected WordPress application is affected by an issue that could allow a user who is able to edit uploaded media to attempt to delete files outside the uploads directory. Note that the scanner has not tested for these issues but has instead relied...
WordPress Strong Testimonials 2.31.4 Cross Site Scripting
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-007 Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPre...
WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory ID: DC-2018-05-009 Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory URL:...
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion Vulnerabilities
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities. Advisory Title: WordPress Booking Calendar Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Booking...
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Easy Modal plugin...
CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...
[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin
Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...
WordPress Appointment Booking Calendar 1.1.7 XSS Vulnerability
WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities. Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking...
WordPress Yet Another Related Posts Plugin <= 4.2.4 - CSRF Vulnerability
Exploit for php platform in category web applications Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespag...