10 matches found
WordPress Import users from CSV with meta Plugin < 1.14.2.2 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:codection:importusersfromcsvwithmeta"; if(description)...
WordPress Import users from CSV with meta Plugin < 1.14.2.1 Directory Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.113523");...
WordPress Social LikeBox & Feed Plugin < 2.8.5 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.113510");...
CoMisSion: Open Source WhiteBox CMS Analysis Tool
PenTestIT RSS Feed Less than a week ago, an open source white-box CMS analysis tool was released - CoMisSion. I had covered a similar local web application vulnerability scanner - pyfiscan. This new tool tends to automate a lot of tasks that help you analyze a CMS setup and tend to be long, tedio...
Nextcloud: WordPress <= 4.6.1 Stored XSS Via Theme File
Hello Team, Description:- Vulnerable code is located at /wp-admin/includes/class-theme-installer-skin.php POC:- https://nextcloud.com/readme.html F151887 FIX:- Upgrade wordpress to latest Refer:- https://wpvulndb.com/vulnerabilities/8718 https://www.mehmetince.net/low-severity-wordpress/ Attack...
Nextcloud: User Information Disclosure via REST API
Hello, I found out that you are using WP 4.6.2 on your domain which is outdated. https://nextcloud.com/readme.html Description:- WordPress versions 4.7 and earlier are affected by multiple security issues. Kindly check https://wpvulndb.com/wordpresses/462 for the vulnerabilities and in detailed...
Nextcloud: Lost Password CSRF
Hi, I think it is something about your WordPress version. It's not something highly risky but it is a vulnerability. CODE: Username or Email For testing CSRF I added the .html file to attachments. And there is a screenshot for you. How To Fix : Adding rpkey will be fine. Please take a look at links bel...
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection Exploit Title: Wordpess Simple Photo Gallery Blind SQL Injection Date: 12-05-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/simple-photo-gallery/ Version: 1.7.8 Tested on: Apache 2.2.22, PHP 5.3.10...
WordPress < 4.2.1 Comments Stored XSS Vulnerability
WordPress is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress SEO By Yoast 1.7.3.3 SQL Injection
Title: WordPress SEO by Yoast = 1.7.3.3 - Blind SQL Injection Version/s Tested: 1.7.3.3 Patched Version: 1.7.4 CVSSv2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Temporal Score: 7 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C WPVULNDB: https://wpvulndb.com/vulnerabilities/7841...