Search results: 44 matches found (20 shown on this page)

EUVD, added 2025/10/07 12:30 a.m. (2 views)
EUVD-2006-0989
Malware in sbrugna...
CVSS 5 · AI score 6.1 · EPSS 0.02177 · Exploits 1 · References 7

OSV, added 2024/03/06 11:11 a.m. (25 views)
BIT-WORDPRESS-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...
CVSS 5.3 · AI score 5.4 · EPSS 0.0058 · Exploits 0 · References 3

OpenVAS, added 2022/12/08 12:00 a.m. (12 views)
WordPress 3.4.x < 3.4.2 XSS / Access Restriction Bypass Vulnerability
WordPress is prone to a cross-site scripting (XSS) and access restriction bypass vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-late...
CVSS 2.6 · AI score 5.7 · EPSS 0.00154 · Exploits 0 · References 2

WPVulnDB, added 2021/12/01 12:00 a.m. (18 views)
OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high-privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. PoC: as admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...
CVSS 4.9 · AI score 4.2 · EPSS 0.00425 · Exploits 2 · Affected software 1

Veracode, added 2020/11/03 8:28 a.m. (32 views)
Arbitrary File Deletion
WordPress is vulnerable to arbitrary file deletion. Insecure validation of the meta key protection in is_protected_meta() in wp-includes/meta.php allows an attacker to delete arbitrary files on the host...
CVSS 9.1 · AI score 9.2 · EPSS 0.06686 · Exploits 0 · References 12 · Affected software 3

Hacker One, added 2020/07/29 1:05 p.m. (61 views)
MTN Group: [mtn.com.af] Multiple vulnerabilities allow to Application level DoS
Issue Description: Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
CVSS 5 · EPSS 0.87475 · Exploits 11

Hacker One, added 2020/07/16 3:41 p.m. (325 views)
MTN Group: CVE-2018-6389 exploitation - using scripts loader
Issue Description: Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
CVSS 5 · AI score 0.1 · EPSS 0.87475 · Exploits 11

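Detection logic for the pattern the two MTN Group reports describe, as an added example that is not part of either HackerOne report or of WordPress: it parses access-log lines, flags loader requests that carry an unusually long handle list, and flags clients that repeat them. It assumes the requests reach the core loader endpoints /wp-admin/load-scripts.php and /wp-admin/load-styles.php with the handle list in the load[] query parameter (the excerpt above names only wp-includes/script-loader.php, which registers the handles); the log lines, handle names and thresholds are constructed for the demonstration.

```python
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Added example (not from the reports above): CVE-2018-6389-style abuse of the
# script loader, spotted in web-server access logs. Assumption: the endpoints are
# /wp-admin/load-scripts.php and /wp-admin/load-styles.php and the requested
# handles arrive comma-separated in load[]. Thresholds are illustrative.

LOADER_PATHS = {"/wp-admin/load-scripts.php", "/wp-admin/load-styles.php"}
MAX_HANDLES_PER_REQUEST = 20    # a normal admin page asks for a handful
MAX_LOADER_REQUESTS_PER_IP = 5  # the loader output is cacheable; repeats are odd

# Apache/nginx "combined" format, just the fields this check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\S+)'
)


def count_load_handles(target: str) -> int | None:
    """Number of handles a loader request asks for, or None if not a loader request."""
    parts = urlsplit(target)
    if parts.path not in LOADER_PATHS:
        return None
    # parse_qs percent-decodes, so load%5B%5D=... and load[]=... both end up under "load[]".
    query = parse_qs(parts.query)
    handles = []
    for key in ("load[]", "load"):
        for value in query.get(key, []):
            handles.extend(h for h in value.split(",") if h)
    return len(handles)


def analyze(lines: list[str]) -> tuple[list[tuple[str, int]], set[str]]:
    """Return (oversized requests as (ip, handle_count), ips hammering the loader)."""
    loader_hits = Counter()
    oversized = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        n = count_load_handles(m["target"])
        if n is None:
            continue
        loader_hits[m["ip"]] += 1
        if n > MAX_HANDLES_PER_REQUEST:
            oversized.append((m["ip"], n))
    abusive = {ip for ip, hits in loader_hits.items() if hits > MAX_LOADER_REQUESTS_PER_IP}
    return oversized, abusive


def _line(ip: str, target: str, ts: str) -> str:
    return f'{ip} - - [{ts}] "GET {target} HTTP/1.1" 200 4120'


# Constructed sample log: one legitimate admin page load (three handles), then one
# client that repeatedly requests a 60-handle list. Handle names are placeholders.
_BIG_LIST = ",".join(f"handle{i}" for i in range(60))
SAMPLE_LOG = [
    _line("198.51.100.7", "/wp-admin/index.php", "10/Feb/2018:13:55:30 +0000"),
    _line("198.51.100.7",
          "/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils&ver=4.9.4",
          "10/Feb/2018:13:55:31 +0000"),
] + [
    _line("203.0.113.10",
          f"/wp-admin/load-scripts.php?c=1&load%5B%5D={_BIG_LIST}&ver=4.9.4",
          f"10/Feb/2018:13:56:{i:02d} +0000")
    for i in range(6)
]


if __name__ == "__main__":
    found, ips = analyze(SAMPLE_LOG)
    for ip, n in found:
        print(f"oversized load[] list ({n} handles) from {ip}")
    print("repeat offenders:", sorted(ips))
```

Both signals are cheap to compute from existing logs; the per-IP counter is the one that survives an attacker who keeps each list just under the size threshold, so alert on either.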
Positive Technologies, added 2020/06/23 12:00 a.m. (2 views)
PT-2020-16064 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2
Description: In WordPress, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. This issue is related to the comment-template.php file in the...
CVSS 9.8 · AI score 5.1 · EPSS 0.06854 · Exploits 0 · References 29

Veracode, added 2018/12/17 3:30 a.m. (22 views)
Object Injection
WordPress is vulnerable to PHP object injection. The vulnerability exists in the wp_get_attachment_thumb_file function in wp-includes/post.php because the attack can be triggered by inputting manipulated metadata...
CVSS 9.8 · AI score 9.4 · EPSS 0.54862 · Exploits 1 · References 10 · Affected software 2

Tenable Nessus, added 2018/11/05 12:00 a.m. (11 views)
WordPress 4.5.x < 4.5.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
CVSS 8.8 · AI score 6.7 · EPSS 0.07945 · Exploits 0 · References 6

CVE, added 2018/06/26 8:00 p.m. (280 views)
CVE-2018-12895
CVE-2018-12895 affects WordPress up to version 4.9.6. An Author (needs files and posts capabilities) can trigger directory traversal via the thumb parameter in wp-admin/post.php, causing the PHP unlink call to delete wp-config.php through a missing filename validation in wp-includes/post.php wp_d...
CVSS 8.8 · AI score 8 · EPSS 0.88705 · Exploits 4 · References 6 · Affected software 1

Veracode, added 2017/07/28 1:39 a.m. (21 views)
Multiple Cross-Site Scripting (XSS)
WordPress is vulnerable to multiple cross-site scripting (XSS) attacks. The issue exists because wp-includes/class-wp-theme.php does not filter user-supplied web script or HTML passed via a (1) stylesheet name or (2) template name to wp-admin/customize.php...
CVSS 6.1 · AI score 5.7 · EPSS 0.00673 · Exploits 2 · References 5 · Affected software 2

Prion, added 2017/01/30 4:59 a.m. (15 views)
SQL injection
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name...
CVSS 7.5 · AI score 9.7 · EPSS 0.12378 · Exploits 0 · References 9 · Affected software 3

Debian CVE, added 2017/01/15 2:00 a.m. (29 views)
CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...
CVSS 6.1 · AI score 7 · EPSS 0.01307 · Exploits 0

Hacker One, added 2016/12/28 7:43 a.m. (38 views)
Yelp: Able to download arbitrary PHP files at yelpblog.com
There is a misconfigured WordPress installation at yelpblog.com, through which I am able to download any PHP files in the wp-includes folder. For a PoC, you can open https://www.yelpblog.com/wp-includes/wp-db.php, and the wp-db.php will be downloaded along with all the data in it. As we all know that the...
Exploits 0

OSV, added 2016/05/22 1:59 a.m. (10 views)
CVE-2016-1564
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php...
CVSS 6.1 · AI score 6 · Exploits 0 · References 8

UbuntuCve, added 2016/05/22 1:59 a.m. (17 views)
CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php...
CVSS 8.6 · AI score 7.2 · EPSS 0.05172 · Exploits 1 · References 4

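The entry above describes a validator that judged the address by its textual first octet and so let 0.x.x.x through, which on common kernels connects to the local host. As an added example, not WordPress code and not the patched wp_http_validate_url, here is an outbound-URL check that resolves the host first and then judges every resulting address, rejecting 0.0.0.0/8 explicitly along with anything else that is not globally routable. The injectable resolver parameter and the .test hostnames are assumptions so that it runs offline.

```python
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (not WordPress code): an outbound-URL check of the kind
# wp_http_validate_url() is meant to provide, built on resolved addresses
# rather than on the host string.

ALLOWED_SCHEMES = {"http", "https"}
# 0.0.0.0/8 ("this network") is rejected explicitly: connect() to 0.x.x.x reaches
# the local host on Linux, which is the CVE-2016-2222 bypass described above.
THIS_NETWORK_V4 = ipaddress.ip_network("0.0.0.0/8")


def is_public_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True only for addresses routable on the public Internet."""
    if addr.version == 4 and addr in THIS_NETWORK_V4:
        return False
    if addr.version == 6 and addr.ipv4_mapped is not None:
        # ::ffff:10.0.0.1 is IPv4 10.0.0.1 in disguise; judge the inner address.
        return is_public_address(addr.ipv4_mapped)
    return addr.is_global and not addr.is_multicast


def default_resolver(host: str) -> list[str]:
    """System resolver; returns every A/AAAA answer, not just the first."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def validate_outbound_url(url: str, resolver=default_resolver) -> tuple[bool, str]:
    """Return (allowed, reason). Allowed only if every address the host maps to is public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    # Literal addresses are checked directly; names are resolved first. Judging
    # the string (e.g. "starts with 10.") is what the original bypass defeated,
    # and the resolver also normalises forms such as octal or integer octets.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
        if not addrs:
            return False, "no addresses"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, "ok"


if __name__ == "__main__":
    for u in ("http://0.1.2.3/", "http://[::ffff:10.0.0.1]/", "http://93.184.216.34/"):
        print(u, validate_outbound_url(u))
```

One caveat the check cannot remove on its own: a name can resolve to a public address at validation time and to 127.0.0.1 a second later (DNS rebinding), so the fetch that follows should connect to the address that was validated rather than resolve the name again.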
CVE, added 2016/05/22 1:00 a.m. (80 views)
CVE-2016-2221
CVE-2016-2221 corresponds to an open redirect in WordPress prior to 4.4.2 via wp_validate_redirect in wp-includes/pluggable.php. The vulnerability allows remote attackers to redirect users to arbitrary sites and potentially enable phishing through malformed URLs that trigger incorrect hostname pa...
CVSS 7.4 · AI score 7.5 · EPSS 0.03465 · Exploits 0 · References 7 · Affected software 1

Patchstack, added 2016/03/25 12:00 a.m. (21 views)
WordPress <= 4.2.1 - XSS
This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations of the MySQL TEXT data type. Solution: Update WordPress...
CVSS 6.1 · AI score 1.8 · EPSS 0.00748 · Exploits 0 · References 1 · Affected software 1

Patchstack, added 2016/01/08 12:00 a.m. (19 views)
WordPress <= 4.4.0 - Multiple XSS
Multiple cross-site scripting vulnerabilities were found in wp-includes/class-wp-theme.php. They allow attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. Solution: Upgrade WordPress...
CVSS 6.1 · AI score 2.7 · EPSS 0.00673 · Exploits 2 · References 1 · Affected software 1
