WordPress Symposium <=15.8.1 - Cross-Site Scripting

WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/getalbumitem.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2015-9414 info: name:...

EUVD-2021-34789

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...

WordPress Symposium Plugin SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Symposium Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in the WP Symposium plugin befor...

WP Symposium Plugin Arbitrary File Upload

The WP Symposium Plugin for WordPress running on the remote web server is affected with an remote file upload vulnerability. A remote, unauthenticated attacker can exploit this vulnerability, via a specially crafted request, allowing an attacker to execute arbitrary code on the target web...

WordPress Symposium Pro Social Network 16.1 Cross Site Scripting

FULL DISCLOSURE Product : WP Symposium Pro Social Network plugin Exploit Author : Rahul Pratap Singh Home page Link : https://wordpress.org/plugins/wp-symposium-pro Version : 16.1 Website : 0x62626262.wordpress.com Twitter : @0x62626262 Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Dat...

WordPress Symposium Pro Social 15.12 XSS / CSRF

Product : WP Symposium Pro Social Network plugin Exploit Author : Rahul Pratap Singh Home page Link : https://wordpress.org/plugins/wp-symposium-pro Version : 15.12 Website : 0x62626262.wordpress.com Twitter : @0x62626262 Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 8/Jan/2016 ...

WordPress Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities

Exploit for python platform in category web applications Product : WP Symposium Pro Social Network plugin Exploit Author : Rahul Pratap Singh Home page Link : https://wordpress.org/plugins/wp-symposium-pro Version : 15.12 Website : 0x62626262.wordpress.com Twitter : @0x62626262 Linkedin :...

WordPress Symposium 14.05.02 Cross Site Request Forgery

Plugin Name : WP Symposium A8-Cross-SiteRequestForgeryCSRF Effected Version : 14.05.02 and most probably lower version's if any Vulnerability : A8-Cross-Site Request Forgery CSRF Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Unauthenticated PoC - Proof of Concep...

WordPress Symposium Plugin 15.1 - SQL Injection #2

WP Symposium plugin's "size" parameter is prone to an SQL injection via getalbumitem.php. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Related records:...

WordPress Plugin WP Symposium Has Multiple Arbitrary File Upload Vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. WordPress plugin WP Symposium has multiple arbitrary file upload vulnerabilities that can be exploited by an attacker to upload arbitrary...

WordPress Symposium Plug-In File Upload Vulnerabiilty

Since the disclosure of a serious file-upload vulnerability in WordPress Symposium and the public availability of proof-of-concept exploit code, attacks against sites running the plug-in are starting to raise concern. Researchers at Trustwave SpiderLabs on Tuesday said they had snared a number of...