11 matches found
HollerBox < 2.1.4 - Admin+ SQL Injection
The plugin concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in a multi-site configuration to leak sensitive information from the site's database. 1. Log in as admin 2. Make sure HollerBox is installed and...
SiteGround Security < 1.3.1 - Admin+ SQLi
The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...
Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure
Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Date: 22/11/2021 Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h #!/bin/bash...
WP Guppy < 1.3 - Sensitive Information Disclosure
The plugin does not perform any authorisation on some of its REST API endpoints, allowing any user to call them, which could lead to sensitive information disclosure, such as usernames and chats between users, and to sending messages as an arbitrary user. #!/bin/bash Exploit Title: Wordpress...
CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...
CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...
Server side request forgery (ssrf)
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...
Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. PoC curl -i -s -X $'POST' \ -H $'Host: 192.168.158.128:8000' \ --data-binary $'"url":"http://db:3306"' \ $'http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data' See the references...
Automattic: Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
The WP-JSON implementation on some wordpress.com websites I've tested is vulnerable to denial of service whereby an attacker can provide an arbitrary Origin header in the request, which is then echoed back in the response via the Access-Control-Allow-Origin header, which is cached and served to...
Automattic: Wordpress VIP leaks email of the test a/c
I was testing learn.fb.com and I came to know that its wp-json is open, and when I saw all the routes of the website, I got to know that one endpoint is leaking their internal email address. The endpoint is as follows: https://learn.fb.com/wp-json/th/v1/usergeneration The issue has been fixed...
CVE-2018-11105
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" aka wplc_name and "email" aka wplc_email input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: thi...