Javo Spot Premium Theme - Unauthenticated Directory Traversal

Print out any file in the via an unauthenticated AJAX request. PoC /wp-admin/admin-ajax.php? jvfrmspotgetjson=../../wp-config.php=jQuery...

WordPress Plugin Import CSV 1.0 - Directory Traversal

WordPress Plugin Import CSV 1.0 - Directory Traversal Exploit Title: Wordpress Import CSV | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip Stable Tag: 1.1 Tested...

WordPress RobotCPA Plugin V5 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin RobotCPA V5 - Local File Include Google Dork: inurl:"/wp-content/plugins/robotcpa/" Date: 09.06.2015 Exploit Author: T3N38R15 Vendor Homepage: http://robot-cpa.good-info.co/ Version: 5V Tested on: Windows Firefo...

Wordpress Theme Nevada Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Theme Nevada Arbitrary File Download Vulnerability Date: 01/05/2015 Exploit Author: X-Line Vendor Homepage: http://themeforest.unitedthemes.com/wpversions/nevada/ Contact : http://www.root-me.org/X-Line-24646 Tested on...

WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure

Exploit Title: Wordpress Plugin 'WP Mobile Edition' Remote File Disclosure Vulnerability Date: April 11, 2015 Exploit Author: @LookHin Khwanchai Kaewyos Google Dork: inurl:?fdxswitcher=mobile Vendor Homepage: https://wordpress.org/plugins/wp-mobile-edition/ Software Link:...

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip...

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip Category: webapps CVE: CVE-2014-8801 1. Description getfile.php is...

WordPress yakimabait Theme Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Poc : http://localhost/wp-content/themes/yakimabait/download.php?file=./wp-config.php Demo : http://www.yakimabait.com/wp-content/themes/yakimabait/download.php?file=./wp-config.php --------------------------------------- Greetz to : All...

WPHardening - WPHardening fortification is a security tool for WordPress

WPHardening is a security tool for WordPress. Different tools to hardening WordPress. Usage $ python wphardening.py -h Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose Active verbose mode output results --update Check for WPHardeni...

WordPress Authentic Arbitrary File Download

|||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress Authentic Theme Arbitrary File Download Vulnerability | | Google Dork: inurl:wp-content/themes/authentic | | Date : Date: 2014-09-07 | | Exploi...

WordPress Theme Acento - 'view-pdf.php?File' Arbitrary File Download

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : WordPress acento theme Arbitrary File Download Vulnerability Author : alieye vondor : http://www.wpbyexample.com/detail/acentocultural.com Contact : [email protected] Risk : High Class: Remote Date: 01/09/2014...

Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download

No description provided by source. WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405...

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...

C2FO: c2fo.com is releasing sensitive Information about Database Configuration.

Hello C2FO Securiity Team, Vulnerability Details : Disclosure of Database Username and Password of c2fo.com Description: Your configuration file of your website is available to download from your website c2fo.com.When i thought to pentest your site,i landed on https://c2fo.com .But instead of...

WordPress Plugin Google Document Embedder - Arbitrary File Disclosure (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rbmysql' class Metasploit3 'WordPress Plugin...

WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting

Exploit Title: WORDPRESS Plugin Accept Signups PERSISTENT XSS Date:21/12/2010 Author: clshack Software Link:http://wordpress.org/extend/plugins/accept-signups/ Version:0.1 Tested on: wordpress 3.03 CVE : Vulnerable code accept-signupssubmit.php: requireonce'../../../wp-config.php';//addslashes to...

litespeed-disclose.txt

| | |--.-----.| .-----.' |.---.-.----.-----.--| | | | | | -|| -- | -| || | | -| | || |||||/||| |.|||| TheDefaced.org TheDefaced Security Team Presents An 0-day. LiteSpeed Remote Mime Type Injection Discovered by:Tr3mbl3r Shouts to his kitty kats and tacos. Product: LiteSpeed/Discovered in ==3.2.3...