Blog Posts - Wordpress Security



WordPress Revolution Slider File Upload

###################################################################### # Exploit Title: Wordpress Plugin Revolution Slider - Unrestricted File Upload # Google Dork: Y0ur Brain # Date: 27.03.2015 # Exploit Author: CrashBandicot (@DosPerl) # Vendor Hom...
by MondoUnix on Apr 3, 2015

WordPress Ajax Search Pro Remote Code Execution

------------------------------------------------------------------------------ WordPress ajax-search-pro Plugin Remote Code Execution ------------------------------------------------------------------------------   [-] Plugin Link:   http:/...
by MondoUnix on Mar 30, 2015

WordPress AB Google Map Travel CSRF / XSS

=============================================================================== CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin ===============================================================================   . c...
by MondoUnix on Mar 30, 2015

WordPress MP3-Jplayer 2.1 Local File Disclosure

<?php ########################################### #-----------------------------------------# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #-----------------------------------------# # *----------------------------* # # K |....##...
by MondoUnix on Mar 30, 2015

WordPress InBoundio Marketing Shell Upload

<?php ########################################### #-----------------------------------------# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #-----------------------------------------# # *----------------------------* # # K |....##...
by MondoUnix on Mar 30, 2015

WordPress Reflex Gallery 3.1.3 Shell Upload

<?php   /* # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload # TIPE: Arbitrary File Upload # Google DORK: inurl:"wp-content/plugins/reflex-gallery/" # Vendor: https://wordpress.org/plugins/reflex-gallery/ # Tes...
by MondoUnix on Mar 21, 2015

WordPress Huge IT Slider 2.6.8 SQL Injection

Advisory ID: HTB23250 Product: Huge IT Slider WordPress Plugin Vendor: Huge-IT Vulnerable Version(s): 2.6.8 and probably prior Tested Version: 2.6.8 Advisory Publication: February 19, 2015 [without technical details] Vendor Notification: February 19,...
by MondoUnix on Mar 14, 2015

WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id Parameters XSS Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThe...
by MondoUnix on Mar 14, 2015

WordPress Security: Fix WordPress wp-config.php improper permissions to protect your sites from Database password steal / Website deface

Keeping your WordPress site / blog and its installed plugins up to date is essential to prevent an attacker from hacking into your site / database and defacing your site; however, if you're a company providing shell access from Cpanel / Plesk / Kloxo...

WordPress Fraction Theme 1.1.1 Privilege Escalation

------------------------------------------------------------------------------ WordPress Fraction Theme 1.1.1 Privilege Escalation ------------------------------------------------------------------------------   [-] Theme Link:   http://the...
by MondoUnix on Mar 12, 2015

WordPress Pie Register 2.0.14 Cross Site Scripting

[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability [+]Author: TUNISIAN CYBER [+]Date: 09/03/2015 [+]Type:WebApp [+]Risk:High [+]Affected Version:All [+]Overview: Pie Register 2.x suffers from an XSS vulnerability.   [+]Proof Of...
by MondoUnix on Mar 12, 2015

WordPress Plugin Google Analytics by Yoast Stored XSS

Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin   . contents:: Table Of Content   Overview   Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin Author: Kaustubh G. Padwad, Rohit Kumar.
by MondoUnix on Mar 9, 2015

WordPress Admin Shell Upload

## # This module requires Metasploit: http://www.metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core' require 'rex/zip'   class Metasploit3 < Msf::Exploit::Remote Rank = Excell...
by MondoUnix on Mar 5, 2015

WordPress Holding Pattern Theme Arbitrary File Upload

## # This module requires Metasploit: http://www.metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core' require 'socket'   class Metasploit3 < Msf::Exploit::Remote Rank = Excelle...
by MondoUnix on Mar 5, 2015

WordPress Media Cleaner 2.2.6 Cross Site Scripting

# Exploit Title: Wordpress Media Cleaner - XSS # Author: İsmail SAYGILI # Web Site: www.ismailsaygili.com.tr # E-Mail: iletisim@ismailsaygili.com.tr # Date: 2015-02-26 # Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.
by MondoUnix on Mar 5, 2015

WordPress Photocrati Theme 4.x.x SQL Injection

# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ] # Google Dork: [ Designed by Photocrati ] also [powered by Photocrati] # Date: [23 / 09 / 2011 ] # Exploit Author: [ ayastar ] # Email : dmx-ayastar@hotmail.fr # Software Link: [ htt...
by MondoUnix on Mar 5, 2015

WordPress WP All 3.2.3 Shell Upload

------------------------------------------------------------------------------ WordPress WP All Import Plugin RCE ------------------------------------------------------------------------------   [-] Vulnerability Author:   James Golovich (...
by MondoUnix on Mar 5, 2015

WordPress WooCommerce 2.2.10 Cross Site Scripting

==================================================== Product: WooCommerce WordPress plugin Vendor: WooThemes Tested Version: 2.2.10 Vulnerability Type: Cross-Site Scripting [CWE-79] Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:...
by MondoUnix on Feb 26, 2015

WordPress ADPlugg 1.1.33 Cross Site Scripting

===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin =====================================================   . contents:: Table Of Content   Overview ========   * Title :Stored XSS...
by MondoUnix on Feb 26, 2015

WordPress WPLMS 1.8.4.1 Privilege Escalation

------------------------------------------------------------------------------ WordPress WPLMS Theme Privilege Escalation ------------------------------------------------------------------------------   [-] Author: Evex   http://packetstorm...
by MondoUnix on Feb 18, 2015

