581 matches found

WPVulnDB, added 2019/06/24 12:00 a.m.

Ultimate Member < 2.0.52 - CSRF and Stored XSS issues

A CSRF vulnerability in adding/editing user roles in Ultimate Member 2.0.49. It also leads to stored XSS. Edit (WPScan Team): July 9th, 2019 - v2.0.50 released and still affected. Escalated to WP Plugins Team. July 9th, 2019 - v2.0.51 released, fixing the CSRF but not the XSS. July 11th, 2019 - Escalat...

CVSS 3.5, AI score 5.1, EPSS 0.00498
Exploits: 3, Affected software: 1

0day.today, added 2018/11/26 12:00 a.m.

Wordpress Easy Testimonials 3.2 Plugins - Cross-Site Scripting Vulnerability

Exploit for the PHP platform, category web applications. Exploit Title: WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting. Exploit Author: Endust. Vendor Homepage: https://wordpress.org/plugins/easy-testimonials/ Software Link: https://wordpress.org/plugins/easy-testimonials/ Version: 3.2...

Exploits: 0

ThreatPost, added 2018/06/13 8:55 p.m.

Two Bugs in WordPress Tooltipy Plugin Patched

WordPress has issued fixes for two bugs rated “medium” in its tooltips plugin, including one that can allow bad actors to do anything an administrative user would be able to do on a WordPress site. The Tooltipy plugin allows users to automatically create responsive “tooltip” boxes for technical...

AI score 0.1
Exploits: 0, References: 3

CNVD, added 2018/05/21 12:00 a.m.

Multiple Wordpress Plugin PHP Object Injection Vulnerabilities

WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Multiple WordPress plugins suffer from a PHP object injection vulnerability that stems from a failure to adequately validate...

AI score 7.8
Exploits: 0, References: 1

n0where, added 2018/01/01 8:31 p.m.

Fsociety Hacking Tools Pack

Fsociety menu: Information Gathering, Password Attacks, Wireless Testing, Exploitation Tools, Sniffing & Spoofing, Web Hacking, Private Web Hacking, Post Exploitation, Install & Update. Information Gathering: Nmap, Setoolkit, Port Scanning, Host To IP, WordPress user, CMS scanner, XSStracer, Dork - Google Dorks...

AI score 0.1
Exploits: 0, References: 1

NVD, added 2017/12/20 3:29 a.m.

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVSS 6.1, AI score 6, EPSS 0.00281
Exploits: 2, References: 2

OSV, added 2017/12/20 3:29 a.m.

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVSS 6.1, AI score 5.8, EPSS 0.00281
Exploits: 2, References: 2

Prion, added 2017/12/20 3:29 a.m.

Design/Logic Flaw

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVSS 4.3, AI score 6, EPSS 0.00281
Exploits: 2, References: 2, Affected software: 8

Cvelist, added 2017/12/20 3:00 a.m.

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

AI score 6, EPSS 0.00281
Exploits: 2, References: 2

Packet Storm, added 2017/12/18 12:00 a.m.

Clockwork SMS Cross Site Scripting

Discoverer: Elias Dimopoulos (LinkedIn: https://gr.linkedin.com/in/dimopouloselias). Vulnerability Type: Reflected XSS via GET parameter "to". Vendor of the affected plugins: https://www.clockworksms.com/plugins/ Affected Plugins:...

AI score 7.4
Exploits: 0

Kitploit, added 2017/11/28 8:46 p.m.

WPSploit - WordPress Plugin Code Scanner

This tool is intended for penetration testers who audit WordPress plugins, or for developers who wish to audit their own WordPress plugins. Usage: $ git clone https://github.com/m4ll0k/wpsploit.git $ cd wpsploit $ python wpsploit.py pluginfile.php or $ wget...

AI score 7.3
Exploits: 0, References: 2

wpexploit, added 2017/04/27 12:00 a.m.

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted in HTTP requests, exposing the site to a PHP object injection exploit vector. The attack is exploitable over HTTP requests to sites with the my-geo-posts-free plugin installed. The original researcher notifi...

AI score 0.5
Exploits: 0, References: 1

WPVulnDB, added 2017/04/27 12:00 a.m.

NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection

The plugin nextgen-gallery-geo insecurely trusts serialized data submitted in AJAX requests, exposing the site to a PHP object injection exploit vector. The original researcher notified the WordPress Plugins team. PoC: the attack is exploitable over AJAX calls on sites with...

AI score 2.5
Exploits: 0, References: 1, Affected software: 1

WPVulnDB, added 2017/04/27 12:00 a.m.

Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection

The plugin referrer-detector insecurely trusts serialized data submitted in HTTP requests, exposing the site to a PHP object injection exploit vector. The original researcher notified the WordPress Plugins team. PoC: the attack is exploitable over HTTP requests to sites...

AI score 1.1
Exploits: 0, References: 1, Affected software: 1

WPVulnDB, added 2017/04/27 12:00 a.m.

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted in HTTP requests, exposing the site to a PHP object injection exploit vector. The original researcher notified the WordPress Plugins team. PoC: the attack is exploitable over AJAX calls on sites with th...

AI score 0.9
Exploits: 0, References: 1, Affected software: 1

wpexploit, added 2017/04/27 12:00 a.m.

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted in HTTP requests, exposing the site to a PHP object injection exploit vector. The attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker plugin installed. The original researcher...

CVSS 7.5, AI score 0.8, EPSS 0.01263
Exploits: 1, References: 1

WPVulnDB, added 2017/04/27 12:00 a.m.

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted in HTTP requests, exposing the site to a PHP object injection exploit vector. PoC: the attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker plugin installed. The original...

CVSS 7.5, AI score 1.2, EPSS 0.01263
Exploits: 1, References: 1, Affected software: 1
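The six object injection entries above all describe the same code shape (a request parameter handed straight to unserialize()), and the Clockwork SMS and WPSploit entries earlier on this page describe two more greppable shapes: an unescaped echo of a request parameter, and admin-ajax handlers exposed to unauthenticated users. The following is an added example, not WPSploit's code and not code from any plugin listed here: a small Python scanner that runs line-local regex rules over PHP source for those three patterns and reports whether the file contains any nonce or capability check. The two PHP sources at the bottom are constructed for this example and modelled on the advisories, not taken from any real plugin; the rule set and the function names flagged as escaping or nonce checks are assumptions chosen for illustration, not an exhaustive list.

```python
"""Minimal regex scanner for WordPress plugin PHP source (added example; not
WPSploit's code, and not code from any plugin on this page).

Rules flagged, one per line of source:
  * php-object-injection: unserialize()/maybe_unserialize() fed directly from a
    request superglobal (the my-geo-posts-free / referrer-detector pattern);
  * reflected-xss: echo/print of a request parameter with no escaping call on
    the same line (the Clockwork SMS "to" parameter pattern);
  * unauth-ajax-entrypoint: add_action('wp_ajax_nopriv_...') registrations,
    i.e. handlers reachable by anonymous users through admin-ajax.php.

The rules are deliberately line-local heuristics, not a PHP parser: treat hits
as leads to review and expect misses on statements split across lines.
"""
import re
from dataclasses import dataclass

SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"

# (rule name, pattern that fires, pattern that suppresses the hit when the
# same line already escapes or casts the value)
RULES = [
    ("php-object-injection",
     re.compile(r"\b(?:maybe_)?unserialize\s*\(\s*(?:stripslashes\s*\(\s*)?" + SUPERGLOBAL),
     None),
    ("reflected-xss",
     re.compile(r"\b(?:echo|print)\b[^;]*" + SUPERGLOBAL),
     re.compile(r"\b(?:esc_html|esc_attr|esc_url|esc_js|esc_textarea|htmlspecialchars|intval|absint)\s*\(")),
    ("unauth-ajax-entrypoint",
     re.compile(r"add_action\s*\(\s*['\"]wp_ajax_nopriv_"),
     None),
]

# Assumed set of WordPress request guards worth looking for anywhere in a file.
NONCE_CHECK = re.compile(r"\b(?:check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
CAP_CHECK = re.compile(r"\bcurrent_user_can\s*\(")


@dataclass
class Finding:
    line: int
    rule: str
    snippet: str


def scan(source: str) -> list:
    """Return one Finding per (line, rule) hit, in file order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "/*", "*")):
            continue  # whole-line comments carry no executable code
        for name, fires, suppresses in RULES:
            if fires.search(line) and not (suppresses and suppresses.search(line)):
                findings.append(Finding(lineno, name, stripped))
    return findings


def has_request_guards(source: str) -> tuple:
    """(nonce check present, capability check present) anywhere in the file."""
    return bool(NONCE_CHECK.search(source)), bool(CAP_CHECK.search(source))


# Constructed sample modelled on the advisories above; not a real plugin.
VULNERABLE_PLUGIN = """<?php
// handler reachable by anonymous users via admin-ajax.php
add_action('wp_ajax_nopriv_geo_lookup', 'geo_lookup_handler');
function geo_lookup_handler() {
    $prefs = unserialize(stripslashes($_POST['prefs']));   // object injection
    echo "Test message sent to " . $_GET['to'];           // reflected XSS
    wp_die();
}
"""

# Constructed hardened counterpart: logged-in users only, nonce and capability
# checked, JSON instead of PHP serialization, output escaped.
HARDENED_PLUGIN = """<?php
// handler registered for logged-in users only
add_action('wp_ajax_geo_lookup', 'geo_lookup_handler');
function geo_lookup_handler() {
    check_ajax_referer('geo_lookup', 'nonce');
    if (!current_user_can('manage_options')) { wp_die(-1, 403); }
    $prefs = json_decode(wp_unslash($_POST['prefs']), true);
    echo "Test message sent to " . esc_html(wp_unslash($_GET['to']));
    wp_die();
}
"""

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_PLUGIN), ("hardened", HARDENED_PLUGIN)):
        print(f"== {label} sample ==")
        for f in scan(src):
            print(f"  line {f.line}: {f.rule}: {f.snippet}")
        nonce, cap = has_request_guards(src)
        print(f"  nonce check: {nonce}, capability check: {cap}")
```

Against the constructed vulnerable sample the scanner reports the nopriv registration, the unserialize() on $_POST and the unescaped echo of $_GET, and finds neither a nonce nor a capability check; the hardened sample produces no findings and both guards. Replacing PHP serialization with JSON is what removes the object injection class entirely, since json_decode() never instantiates application classes; escaping and nonce checks address the other two rules.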
CVE, added 2015/10/16 8:00 p.m.

CVE-2015-7377

The CVE-2015-7377 vulnerability affects WordPress Pie Register plugin versions before 2.0.19, where an unsanitized invitaion_code parameter in pie-register.php enables reflected XSS. The root cause is improper handling of the GET parameter, allowing injection of arbitrary script/HTML. Impact is r...

CVSS 4.3, AI score 5.8, EPSS 0.05825
Exploits: 3, References: 4, Affected software: 1

CNVD, added 2015/07/08 12:00 a.m.

Multiple Cross-Site Scripting Vulnerabilities in Multiple WordPress Plugins

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in several WordPress plugins due to the program failing to adequately filter user-supplied input. An attacker is...

CVSS 6.1, AI score 6.8, EPSS 0.00413
Exploits: 2, References: 1

NVD, added 2015/06/30 2:59 p.m.

CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress do not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an updateplugin...

CVSS 7.5, AI score 7.3, EPSS 0.82749
Exploits: 2, References: 7