Blog Posts - Wordpress Security



WordPress Ads In Bottom Right 1.0 Cross Site Scripting

Title: WordPress 'Ads in bottom right' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/ads-in-bottom-right/ - https://plugins.svn.wordpress.org/ads-in-bottom-righ...
by MondoUnix on Aug 31, 2015

WordPress Author Manager 1.0 Cross Site Scripting

Title: WordPress 'Author Manager' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/author-manager/ - https://plugins.svn.wordpress.org/author-manager/ Notified Ven...
by MondoUnix on Aug 31, 2015

WordPress 1-Click Retweet/Share/Like 5.2 Cross Site Scripting

Title: WordPress '1-click Retweet/Share/Like' Plugin Version: 5.2 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-21 Download: - https://wordpress.org/plugins/1-click-retweetsharelike/ - https://plugins.svn.wordpress.org/1-clic...
by MondoUnix on Aug 31, 2015

WordPress Chief Editor 3.6.1 Cross Site Scripting

Title: WordPress 'Chief Editor' Plugin Version: 3.6.1 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-17 Download: - https://wordpress.org/plugins/chief-editor/ - https://plugins.svn.wordpress.org/chief-editor/ Notified Vendor/...
by MondoUnix on Aug 31, 2015

WordPress Default Facebook Thumbnails 0.4 Cross Site Scripting

Title: WordPress 'Default Facebook Thumbnails' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-13 Download: - https://wordpress.org/plugins/default-facebook-thumbnail/ - https://plugins.svn.wordpress.org/def...
by MondoUnix on Aug 31, 2015

WordPress Content Grabber 1.0 Cross Site Scripting

Title: WordPress 'Content Grabber' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-14 Download: - https://wordpress.org/plugins/content-grabber/ - https://plugins.svn.wordpress.org/content-grabber/ Notified...
by MondoUnix on Aug 31, 2015

WordPress YouTube Embed plugin Stored XSS

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 (Pending) CWE ID: CWE-79 CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N) Description ===========...
by MondoUnix on Aug 27, 2015

WordPress 4.2.2 Comment form CSRF

Details ================ Software: WordPress Version: 3.8.1, 3.8.2, 4.2.2 Homepage: http://wordpress.org/ Advisory report: https://security.dxw.com/advisories/comment-form-csrf-allows-admin-impersonation-via-comments-in-wordpress-4-2-2/ CVE: Awaiting a...
by MondoUnix on Aug 26, 2015

Learn How to Improve the Security of Your WordPress Site

WordPress is the most popular blogging platform. There are a lot of good free and paid alternatives. WordPress single-handedly removes all barriers between blogging and building a website. It is flexible. It is everywhere. Many top websites to implement Wor...
by ittech on Aug 16, 2015

WordPress Subscribe To Comments 2.1.2 LFI / Code Execution

Details ================ Software: Subscribe to Comments Version: 2.1.2 Homepage: http://wordpress.org/plugins/subscribe-to-comments/ Advisory report: https://security.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in...
by MondoUnix on Aug 14, 2015

WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion

Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plu...
by MondoUnix on Aug 14, 2015

WordPress Download Manager Free 2.7.94 / Pro 4 XSS

# WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS # Vendor Homepage: http://www.wpdownloadmanager.com # Software Link: https://wordpress.org/plugins/download-manager # Affected Versions: Free 2.7.94 & Pro 4 # Te...
by MondoUnix on Aug 14, 2015

WordPress Mailcwp 1.99 Shell Upload

Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd Vendor Notified: 2015-07-09 fixed in v1.
by MondoUnix on Aug 14, 2015

WordPress Mobile Pack 2.1.2 Information Disclosure

# Title: Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below # Submitter: Nitin Venkatesh # Product: WordPress Mobile Pack Wordpress Plugin # Product URL: https://wordpress.org/plugins/wordpress-mobile-pack/...
by MondoUnix on Aug 14, 2015

WordPress Portfolio 1.0 Cross Site Request Forgery

# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 # Submitter: Nitin Venkatesh # Product: Portfolio Plugin Wordpress Plugin # Product URL: https://wordpress.org/plugins/portfolio-by-lisa-westlund/ # Vulnerabi...
by MondoUnix on Aug 14, 2015

WordPress Count Per Day 3.4 SQL Injection

Advisory ID: HTB23267 Product: Count Per Day WordPress plugin Vendor: Tom Braider Vulnerable Version(s): 3.4 and probably prior Tested Version: 3.4 Advisory Publication: July 1, 2015 [without technical details] Vendor Notification: July 1, 2015 Vendo...
by MondoUnix on Aug 14, 2015

WordPress Paid Memberships Pro 1.8.4.2 Cross Site Scripting

Advisory ID: HTB23264 Product: Paid Memberships Pro WordPress plugin Vendor: Stranger Studios Vulnerable Version(s): 1.8.4.2 and probably prior Tested Version: 1.8.4.2 Advisory Publication: July 1, 2015 [without technical details] Vendor Notification...
by MondoUnix on Aug 14, 2015

WordPress Music Store 1.0.14 Open Redirect

# Title: Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 # Submitter: Nitin Venkatesh # Product: Music Store Wordpress Plugin # Product URL: https://wordpress.org/plugins/music-store/ # Vulnerability Type: URL Redirection to Untru...
by MondoUnix on Aug 14, 2015

WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection

# Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 # Submitter: Nitin Venkatesh # Product: Unite Gallery Lite Wordpress Plugin # Product URL: https://wordpress.org/plugins/unite-galle...
by MondoUnix on Aug 14, 2015

WordPress WP Attachment Export 0.2.3 Arbitrary File Download

# Title: Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3 # Submitter: Nitin Venkatesh # Product: WP Attachment Export Wordpress Plugin # Product URL: https://wordpress.org/plugins/wp-attachment-export/ # Vulnerability Type: Ar...
by MondoUnix on Aug 10, 2015

