Blog Posts - Wordpress Security
Swift Security Bundle Hide WordPress, Firewall, Code Scanner

Demo Click here ... This is a content summary only. Visit my website full l...
by CoThemes on Jul 31, 2015

WordPress Floating Social Bar 1.1.5 Cross Site Scripting

# Exploit Title: Floating Social Bar 1.1.5 XSS # Date: 09-01-2015 # Software Link: https://wordpress.org/plugins/floating-social-bar/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # C...
by MondoUnix on Jul 16, 2015

WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection

Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-27 Download Site: https://wordpress.org/plugins/wp-powerplaygallery Vendor: WP SlideShow Vendor Notifi...
by MondoUnix on Jul 16, 2015

WordPress Plotly 1.0.2 Cross Site Scripting

Details ================ Software: Plotly Version: 1.0.2 Homepage: http://wordpress.org/plugins/wp-plotly/ Advisory report: https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-post...
by MondoUnix on Jul 16, 2015

WordPress Image Export 1.1 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Ve...
by MondoUnix on Jul 16, 2015

WordPress StageShow 5.0.8 Open Redirect

# Title: Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 # Submitter: Nitin Venkatesh # Product: StageShow Wordpress Plugin # Product URL: https://wordpress.org/plugins/stageshow # Vulnerability Type: URL Redirection to Untrusted Sit...
by MondoUnix on Jul 13, 2015

WordPress Vulcan Theme XSS / Disclosure/ DoS

------------------------- Affected products: -------------------------   Vulnerable are all versions of Vulcan theme for WordPress (in last versions there were fixed only vulnerabilities in TimThumb, but there are still FPD in other php-files).
by MondoUnix on Jul 13, 2015

WordPress ACF Frontend Display Shell Upload

+---------------------------------------------------------------------------+ #[+] Author: TUNISIAN CYBER #[+] Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability #[+] Date: 3-07-2015 #[+] Type: WebAPP #[+] Tested on: KaliLinux #[+]...
by MondoUnix on Jul 13, 2015

WordPress S3Bubble Cloud Video With Adverts / Analytics Arbitrary File Download

# Exploit Title: Wordpress S3Bubble Cloud Video With Adverts & Analytics - Arbitrary File Download # Google Dork: inurl:/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/ # Date: 04/07/2015 # Exploit Author: CrashBandicot @DosPerl # Vendor Ho...
by MondoUnix on Jul 13, 2015

WordPress WP-Ecommerce-Shop-Styling 2.5 File Download

Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpr...
by MondoUnix on Jul 13, 2015

WordPress MDC-Youtube-Downloader 2.1.0 File Disclosure

Title: Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/mdc-youtube-downloader Vendor: https://profiles.wordpress.org/mukto90/ V...
by MondoUnix on Jul 13, 2015

WordPress Easy2Map-Photos 1.09 SQL Injection

Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendo...
by MondoUnix on Jul 13, 2015

WordPress CP Contact Form With Paypal 1.1.5 CSRF / XSS / SQL Injection

# Title: Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 # Submitter: Nitin Venkatesh # Product: CP Contact Form with Paypal Wordpress Plugin # Product URL: https://wordpress.o...
by MondoUnix on Jul 13, 2015

WordPress GD bbPress Attachments 2.1 Local File Inclusion

Details ================ Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report: https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allo...
by MondoUnix on Jul 13, 2015

WordPress GD bbPress Attachments 2.1 Cross Site Scripting

Details ================ Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-gd-bbpress-attachments-allows-an-attacker-to-d...
by MondoUnix on Jul 13, 2015

WordPress WP-SwimTeam 1.44.10777 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh www.MichaelWalsh.org Vendor Notif...
by MondoUnix on Jul 13, 2015

WordPress PictoBrowser 0.3.1 CSRF / XSS

************************************************************************************** # Title: CSRF / Stored XSS Vulnerability in PictoBrowser Wordpress Plugin # Author: Manideep K # CVE-ID: CVE-2014-9392 # Plugin Homepage: https://wordpress.org/plu...
by MondoUnix on Jul 13, 2015

WordPress Twenty Fifteen 4.2.1 Cross Site Scripting

Information -------------------- Advisory by Netsparker. Name: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme Affected Software : WordPress Affected Versions: 4.2.1 and probably below Vendor Homepage : https://wordpress.org/ and https://word...
by MondoUnix on Jul 13, 2015

WordPress Nextend Twitter Connect 1.5.1 Cross Site Scripting

Wordpress "Nextend Twitter Connect" =================================== Document Title: =============== WordPress "Nextend Twitter Connect" Plugin Version: 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting) Download URL: ...
by MondoUnix on Jun 28, 2015

WordPress WP-Instance-Rename 1.0 File Download

Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-12 Download Site: https://wordpress.org/plugins/wp-instance-rename/ Vendor: Vlajo Vendor Notified: 2015-06-12 Advisory: htt...
by MondoUnix on Jun 28, 2015
