
14 matches found

Packet Storm
added 2022/07/29 12:0 a.m., 333 views

Transposh WordPress Translation 1.0.8.1 Remote Code Execution

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...

0.1 AI score, 0.01441 EPSS
Exploits 4
WPVulnDB
added 2021/10/19 12:0 a.m., 19 views

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion PoC The PoC varies based on the endpoint targeted. Here is one example that will modify the...

8.1 CVSS, 1.5 AI score, 0.00519 EPSS
Exploits 2, Affected Software 1
wpexploit
added 2021/07/23 12:0 a.m., 565 views

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

5.2 AI score, 0.00506 EPSS
Exploits 2, References 1
OSV
added 2020/11/02 9:15 p.m., 0 views

UBUNTU-CVE-2020-28037

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution as well as a denial of service for the old installation...

9.8 CVSS, 7.8 AI score, 0.0774 EPSS
Exploits 0, References 5
ThreatPost
added 2019/02/12 8:29 p.m., 129 views

Critical WordPress Plugin Flaw Allows Complete Website Takeover

A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites. Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plug...

0.2 AI score
Exploits 0, References 5
OpenVAS
added 2017/07/03 12:0 a.m., 17 views

WordPress WP Statistics <= 12.0.7 Authenticated SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:veronalabs:wpstatistics"; ifdescription...

7.2 AI score
Exploits 0, References 3
exploitpack
added 2016/04/18 12:0 a.m., 9 views

WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery Cross-Site Scripting

WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery Cross-Site Scripting I would like to disclose CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page...

0.5 AI score
Exploits 0
exploitpack
added 2016/04/18 12:0 a.m., 12 views

WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting

WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting I would like to disclose CSRF and stored XSS vulnerability in Kento post view counter plugin version 2.8. The vulnerable Fields for XSS are kentopvcnumberslang kentopvctodaytext kentopvctotaltext The...

0.1 AI score
Exploits 0
Exploit DB
added 2016/04/18 12:0 a.m., 37 views

WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery / Cross-Site Scripting

I would like to disclose CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page wp-content/plugins/leenkme/facebook.php XSS vulnerable Fields are : - facebookmessage - facebooklinkname -...

7.4 AI score
Exploits 0
The Hacker Blog
added 2015/10/14 6:27 a.m., 19 views

The “Unhackable” WordPress Blog – Finding Security In the Static

Using the word “unhackable” is generally considered a bad idea™ due to this being a largely unobtainable feat with software. In this post I attempt to get as close to “unhackable” as possible with my own personal blog (the one you’re reading right now). I have designed the process in such a way th...

7.7 AI score
Exploits 0
exploitpack
added 2015/08/18 12:0 a.m., 25 views

WordPress Plugin WP Symposium 15.1 - get_album_item.php SQL Injection

WordPress Plugin WP Symposium 15.1 - get_album_item.php SQL Injection Exploit Title: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability Date: 2015-07-30 Exploit Author: PizzaHatHacker Vendor Homepage: http://www.wpsymposium.com/ Version: ? = version = 15.5.1 Contact:...

Exploits 0
Exploit DB
added 2014/06/02 12:0 a.m., 37 views

WordPress Plugin Participants Database 1.5.4.8 - SQL Injection

Yarubo 1: Arbitrary SQL Execution in Participants Database for Wordpress ========================================================================= Program: Participants Database = 1.5.4.8 Severity: Unauthenticated attacker can fully compromise the Wordpress installation Permalink:...

7 AI score
Exploits 0
OSV
added 2012/01/30 5:55 p.m., 7 views

CVE-2012-0937

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost...

6.2 AI score
Exploits 0, References 3
Cvelist
added 2012/01/30 5:0 p.m., 43 views

CVE-2011-4898

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...

6.2 AI score, 0.09475 EPSS
Exploits 7, References 3