CVE-2021-24227

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...

CVE-2020-35951

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurre...

WordPress Quiz and Survey Master plugin security vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the Quiz and Survey Master plugin before 7.0.1 for WordPress that...

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting XSS vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials. The attacks were...

Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete

The plugin relied on the isadmin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery CSRF allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...

WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion

The plugin did not have a CSRF nonce check on the "wpfcdeletecurrentpagecache" action, allowing CSRF attacks against authenticated users to delete arbitrary files, including the wp-config.php file. PoC...

Advanced Access Manager < 5.9.9 - Arbitrary File Access/Download

Advanced Access Manager before Version 5.9.9 allows reading arbitrary files without checking whether a user is allowed to read the given file. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers. PoC...

WordPress Snap Creek Duplicator Code Injection Exploit

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters befo...

WordPress Snap Creek Duplicator Code Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Snap Creek Duplicator WordPress plugin code injection', 'Description' = %q When the WordPress plugin Snap Creek Duplicator restores a backup, it...

WordPress Configuration Cheat Sheet

In our series about misconfigurations of PHP frameworks, we have investigated Symfony, a very versatile and modular framework. Due to the enormous distribution and the multitude of plugins, WordPress is also a very popular target for attackers. This cheat sheet focuses on the wp-config.php file a...

CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

Code injection

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

CVE-2018-17207

The CVE concerns WordPress Snap Creek Duplicator plugin before 1.2.42. The issue arises when leftover installer files (installer.php and installer-backup.php) are accessed, allowing an attacker to inject PHP code into wp-config.php during the database setup step, resulting in arbitrary code execu...

Old WordPress Plugin Being Exploited in RCE Attacks

Researchers are warning that attackers are abusing a vulnerability in WordPress site admins’ outdated versions of a migration plugin called Duplicator – allowing them to execute remote code. Made by Snap Creek Software, all Duplicator plugins earlier than version 1.2.42 are vulnerable to the...

WordPress Arbitrary File Deletion Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete the WordPress build...

CVE-2018-12895

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

Directory traversal

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

pravimed.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-601552 Description| Value ---|--- Affected Website:| pravimed.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

CVE-2018-7204

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...

WordPress: Arbitrary file deletion in wp-core - guides towards RCE and information disclosure

Vulnerable place 1: wp-admin/post.php $newmeta'thumb' is placed into DB not sanitized directly from user input. case 'editattachment': checkadminreferer'update-post' . $postid; // Don't let these be changed unset$POST'guid'; $POST'posttype' = 'attachment'; // Update the thumbnail filename $newmet...