Blog Posts - Wordpress Security



WordPress Ultimate Product Catalogue 3.1.2 XSS / CSRF / File Upload

# Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 # Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultima...
by MondoUnix on May 9, 2015

WordPress 4.2.1 XSS / Code Execution

/* Author: @Evex_1337 Title: Wordpress XSS to RCE Description: This Exploit Uses XSS Vulnerabilities in Wordpress Plugins/Themes/Core To End Up Executing Code After The Being Triggered With Administrator Privileged User. ¯\_(ツ)_/¯ Reference: http...
by MondoUnix on May 9, 2015

WordPress Akismet 3.1.1 Cross Site Scripting

# Exploit Title: Wordpress Akismet 3.1.1 Plugin - XSS Vulnerability # Google Dork: inurl:/wp-content/plugins/akismet/akismet.php # Date: 2014-12-29 # Exploit Author: Ehsan Ice # Software Link: https://akismet.com/ , https://wordpress.org/plugins/akis...
by MondoUnix on May 9, 2015

WordPress Embed-Articles 7.0.3 CSRF / XSS

====================================================== CSRF/Stored XSS Vulnerability in embed articles Plugin ======================================================     . contents:: Table Of Content   Overview ========   * Title :...
by MondoUnix on May 9, 2015

WordPress Ad Inserter 1.5.2 CSRF / XSS

================================================================ CSRF/Stored XSS Vulnerability in Ad Inserter Plugin ================================================================     . contents:: Table Of Content   Overview ========...
by MondoUnix on May 9, 2015

WordPress NEX-Forms 3.0 SQL Injection SQLMAP

######################   # Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability   # Exploit Author : Claudio Viviani   # Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive) ...
by MondoUnix on Apr 24, 2015

WordPress NEX-Forms 3.0 SQL Injection inurlbr

# AUTOR SCRIPT: Cleiton Pinheiro / Nick: googleINURL # Exploit name: MINI 3xplo1t-SqlMap - WordPress NEX-Forms 3.0 SQL Injection Vulnerability # Type: SQL Injection # Email: inurlbr@gmail.com # Blog: http://blog.inurl.com.br # Twitter: https://twitte...
by MondoUnix on Apr 24, 2015

WordPress Add Link to Facebook Stored Cross Site Scripting

Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin   Author: Rohit Kumar   Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/   Severity: Medium   Version Affected: Version 1.215 and m...
by MondoUnix on Apr 23, 2015

WordPress N-Media Website Contact Form 1.3.4 Shell Upload

######################   # Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability   # Exploit Author : Claudio Viviani     # Software Link : https://downloads.wordpress.org/plugin/...
by MondoUnix on Apr 22, 2015

WordPress Video Gallery 2.8 SQL Injection

######################   # Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerability   # Exploit Author : Claudio Viviani   # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery  ...
by MondoUnix on Apr 22, 2015

WordPress MiwoFTP 1.0.5 Cross Site Request Forgery

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit     Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5   Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that...
by MondoUnix on Apr 22, 2015

WordPress MiwoFTP 1.0.5 CSRF Command Execution

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)     Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5   Summary: MiwoFTP is a smart, fast and lightweight file manager plugi...
by MondoUnix on Apr 22, 2015

WordPress WP Statistics 9.1.2 Cross Site Scripting

=========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin ===========================================================   . contents:: Table Of Content   Overview ========   *...
by MondoUnix on Apr 22, 2015

WordPress Windows Desktop And iPhone Photo Uploader File Upload

################################################################################################## #Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerability #Author : Manish Kishan Tanwar AKA error...
by MondoUnix on Apr 16, 2015

WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection

######################   # Exploit Title : Wordpress Duplicator <= 0.5.14 - SQL Injection & CSRF   # Exploit Author : Claudio Viviani   # Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/   # Software Link : http...
by MondoUnix on Apr 16, 2015

WordPress Fusion Engage Local File Disclosure

Fusion Engage is a commercial wordpress plugin sold by internet marketer (and known scammer) Precious Ngwu to.. I'm actually not sure. Something to do with video embedding.   Anyway, it has a LFD. Here's the relevant code..   function fe_ge...
by MondoUnix on Apr 16, 2015

WordPress Shareaholic 7.6.0.3 Cross Site Scripting

# Exploit Title: Shareaholic 7.6.0.3 XSS # Date: 10-11-2014 # Software Link: https://wordpress.org/plugins/shareaholic/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # CVE: CVE-2014-9...
by MondoUnix on Apr 8, 2015

WordPress videowhisper-video-presentation v3.31.17 Remote file upload

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://w...
by MondoUnix on Apr 3, 2015

WordPress videowhisper-video-conference-integration v4.91.8 Remote file upload

Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-int...
by MondoUnix on Apr 3, 2015

WordPress Simple Ads Manager SQL Injection

#Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://w...
by MondoUnix on Apr 3, 2015

