Blog Posts - Wordpress Security



WordPress Magic Fields 1 Cross Site Scripting

------------------------------------------------------------------------ Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016   -----...
by MondoUnix on Aug 19, 2016

WordPress Magic Fields 2 Cross Site Scripting

------------------------------------------------------------------------ Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016   -----...
by MondoUnix on Aug 19, 2016

WordPress Google Maps 2.1.2 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Google Maps WordPress Plugin ------------------------------------------------------------------------ Julien Rentrop, July 2016   ----...
by MondoUnix on Aug 19, 2016

WordPress Welcome Announcement 1.0.5 Cross Site Scripting

##################### # Exploit Title: Wordpress Welcome Announcement Cross Site Scripting # Exploit Author: bl4ck_mohajem # Vendor Homepage: https://wordpress.org/plugins/welcome-announcement/ # Tested On: Windows7 # Software Link: https://downloads...
by MondoUnix on Aug 7, 2016

WordPress Store Locator Plus 4.5.09 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting in Store Locator Plus for WordPress ------------------------------------------------------------------------ Yorick Koster, July 2016   ---------------...
by MondoUnix on Aug 7, 2016

Useful .htaccess Tips and Tricks for WordPress

Original Article by TechSling Weblog:  The .htaccess file is a configuration file that helps you to control files and folders in the current directory, and all other sub-directories. The filename .htaccess stands for hypertext access and is supp...
by TechSling on Dec 22, 2015

Breaking News: WordPress Plugin Stops Hacking Attacks Instantly Addresses Major Security Concerns The Others Leave Out

See A Wordpress Site Being Hacked Right Before Your Eyes By Clicking The Big Banner Above @ See How Vulnerable You Really Are And How WP Site Guardian addresses the major security concerns all the other WP anti - hacking plugins leave out. If you are...

WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection # Date: 11-11-2015 # Software Link: https://wordpress.org/plugins/wp-fastest-cache/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.sz...
by MondoUnix on Nov 13, 2015

WordPress Ajax Load More PHP Upload

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   incl...
by MondoUnix on Nov 13, 2015

WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting

###################################################################### # Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting (RXSS) # Date: 05/11/2015 # Author: Mickael Dorigny @ Synetis # Vendor or Software Link: http:/...
by MondoUnix on Nov 6, 2015

WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/   Events Mad...
by MondoUnix on Nov 1, 2015

WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE: CWE-89   Description ================ Two blind S...
by MondoUnix on Nov 1, 2015

WordPress Font 7.5 Path Traversal

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 (Pending) CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N) CWE: CWE-22   Description ================ An absolute path traversal...
by MondoUnix on Nov 1, 2015

WordPress mTheme-Unus Local File Inclusion

####################################### # Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability # # Date: 2015-09-27 # Exploit Author: FullSecurity.org # Google Dork: ilnurl:/wp-content/themes/mTheme-Unus/ # Vendor Homepage: https://wordpress...
by MondoUnix on Oct 31, 2015

WordPress arcResBookingWidget 1.0 Cross Site Scripting

Title: WordPress 'arcResBookingWidget' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/arcres-booking-engine/ - https://plugins.svn.wordpress.org/arcres-booking-e...
by MondoUnix on Aug 31, 2015

WordPress Advertisement Management 1.0 Cross Site Scripting

Title: WordPress 'Advertisement Management' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/advertisement-management/ - https://plugins.svn.wordpress.org/advertis...
by MondoUnix on Aug 31, 2015

WordPress Flickr Justified Gallery 3.3.6 Cross Site Scripting

Details ================ Software: Flickr Justified Gallery Version: 3.3.6 Homepage: https://wordpress.org/plugins/flickr-justified-gallery/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-flickr-justified-gallery-could-allows-u...
by MondoUnix on Aug 31, 2015

WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting

Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ - http...
by MondoUnix on Aug 31, 2015

WordPress Advance Categorizer 0.3 Cross Site Scripting

Title: WordPress 'Advance Categorizer' Plugin Version: 0.3 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-24 Download: - https://wordpress.org/plugins/advance-categorizer/ - https://plugins.svn.wordpress.org/advance-categorize...
by MondoUnix on Aug 31, 2015

WordPress Google Plus One Button By KMS 1.5.0 CSRF / XSS

Title: WordPress 'Google 'Plus one' Button by kms' Plugin Version: 1.5.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/google-plus-one-button-by-kms/ - https://plugins.svn.wordpres...
by MondoUnix on Aug 31, 2015


Trending Topics

Close