4 matches found

wpexploit
added 2022/03/21 12:0 a.m., 97 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed. Version 3.2.0 addressed some of the issues, but was still vulnerable when clicking to edit the...

CVSS 4.8, AI score 1.1, EPSS 0.00206, Exploits 2
exploitpack
added 2018/06/27 12:0 a.m., 10 views

WordPress Core 4.9.6 - (Authenticated) Arbitrary File Deletion

WordPress Core 4.9.6 - Authenticated Arbitrary File Deletion Exploit Title: Wordpress = 4.9.6 Arbitrary File Deletion Vulnerability Date: 2018-06-27 Exploit Author: VulnSpy Vendor Homepage: http://www.wordpress.org Software Link: http://www.wordpress.org/download Version: = 4.9.6 Tested on: php7...

AI score 0.7, Exploits 0
0day.today
added 2014/07/23 12:0 a.m., 20 views

Wordpress WPTouch Authenticated File Upload Exploit

The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...

AI score 7.2, Exploits 0
Metasploit
added 2014/07/14 7:35 p.m., 15 views

WordPress WPTouch Authenticated File Upload

The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...

AI score 7.3, Exploits 0