U.S. Dept Of Defense: Wordpress Takeover using setup configuration at http://████.edu [HtUS]
A vulnerability was found in the WordPress 'setup-config.php' installation page, which allowed a malicious user to install WordPress in a remote MySQL database without valid credentials on the target system. This could lead to remote code execution and total system compromise, as well as other...
Cross-site request forgery (CSRF)
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the...
Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPre...
Uber: Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin
newsroom.uber.com uses a WordPress plugin called Stream to log user activity. In some cases the logged events aren't sanitized properly and can contain HTML tags and JavaScript. An unauthenticated user can produce such a log message to inject JavaScript in the admin panel. When an administrator...