Blog Posts - XSS



WordPress Magic Fields 1 Cross Site Scripting

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin. Burak Kelebek, July 2016 ...
by MondoUnix on Aug 19, 2016

WordPress Google Maps 2.1.2 Cross Site Scripting

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin. Julien Rentrop, July 2016 ...
by MondoUnix on Aug 19, 2016

WordPress Welcome Announcement 1.0.5 Cross Site Scripting

# Exploit Title: Wordpress Welcome Announcement Cross Site Scripting # Exploit Author: bl4ck_mohajem # Vendor Homepage: https://wordpress.org/plugins/welcome-announcement/ # Tested On: Windows7 # Software Link: https://downloads...
by MondoUnix on Aug 7, 2016

WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting

# Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting (RXSS) # Date: 05/11/2015 # Author: Mickael Dorigny @ Synetis # Vendor or Software Link: http:/...
by MondoUnix on Nov 6, 2015

WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/   Events Mad...
by MondoUnix on Nov 1, 2015

WordPress Payment Form For PayPal Pro 1.0.1 XSS

Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Ib...
by MondoUnix on Oct 6, 2015

WordPress Easy2Map 1.2.9 Cross Site Scripting

Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Ibéria Medeiros   Vulnerability Details: =======...
by MondoUnix on Oct 6, 2015

WordPress WP-Shop 3.4.3.18 Cross Site Scripting

# Exploit Title: Wordpress wp-shop Cross Site Scripting # Exploit Author: Ashiyane Digital security Team # Vendor Homepage: https://wordpress.org/plugins/wp-shop-original/ # Software Link: https://downloads.wordpress.org/plugin/wp-shop-original.zip #...
by MondoUnix on Sep 21, 2015

WordPress xPinner Lite 2.2 Cross Site Request Forgery / Cross Site Scripting

# Exploit Title: Wordpress xPinner Lite CSRF/XSS # Exploit Author: Ashiyane Digital security Team # Vendor Homepage: https://wordpress.org/plugins/xpinner-lite # Software Link: https://downloads.wordpress.org/plugin/xpinner-lite.zip # Version: 2.2 #...
by MondoUnix on Sep 21, 2015

WordPress ALO EasyMail Newsletter 2.6 CSRF / Cross Site Scripting

# Exploit Title: Wordpress ALO EasyMail Newsletter CSRF/XSS # Exploit Author: Ashiyane Digital Security Team # Vendor Homepage: https://wordpress.org/plugins/alo-easymail/ # Software Link: https://downloads.wordpress.org/plugin/alo-easymail.2.6.00.zi...
by MondoUnix on Sep 21, 2015

WordPress arcResBookingWidget 1.0 Cross Site Scripting

Title: WordPress 'arcResBookingWidget' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/arcres-booking-engine/ - https://plugins.svn.wordpress.org/arcres-booking-e...
by MondoUnix on Aug 31, 2015

WordPress Flickr Justified Gallery 3.3.6 Cross Site Scripting

Details ================ Software: Flickr Justified Gallery Version: 3.3.6 Homepage: https://wordpress.org/plugins/flickr-justified-gallery/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-flickr-justified-gallery-could-allows-u...
by MondoUnix on Aug 31, 2015

WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting

Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ - http...
by MondoUnix on Aug 31, 2015

WordPress Advance Categorizer 0.3 Cross Site Scripting

Title: WordPress 'Advance Categorizer' Plugin Version: 0.3 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-24 Download: - https://wordpress.org/plugins/advance-categorizer/ - https://plugins.svn.wordpress.org/advance-categorize...
by MondoUnix on Aug 31, 2015

WordPress Ads In Bottom Right 1.0 Cross Site Scripting

Title: WordPress 'Ads in bottom right' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/ads-in-bottom-right/ - https://plugins.svn.wordpress.org/ads-in-bottom-righ...
by MondoUnix on Aug 31, 2015

WordPress Author Manager 1.0 Cross Site Scripting

Title: WordPress 'Author Manager' Plugin Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/author-manager/ - https://plugins.svn.wordpress.org/author-manager/ Notified Ven...
by MondoUnix on Aug 31, 2015

WordPress 1-Click Retweet/Share/Like 5.2 Cross Site Scripting

Title: WordPress '1-click Retweet/Share/Like' Plugin Version: 5.2 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-21 Download: - https://wordpress.org/plugins/1-click-retweetsharelike/ - https://plugins.svn.wordpress.org/1-clic...
by MondoUnix on Aug 31, 2015

WordPress Chief Editor 3.6.1 Cross Site Scripting

Title: WordPress 'Chief Editor' Plugin Version: 3.6.1 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-17 Download: - https://wordpress.org/plugins/chief-editor/ - https://plugins.svn.wordpress.org/chief-editor/ Notified Vendor/...
by MondoUnix on Aug 31, 2015

WordPress YouTube Embed plugin Stored XSS

  Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 (Pending) CWE ID: CWE-79 CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N)   Description ===========...
by MondoUnix on Aug 27, 2015

WordPress Download Manager Free 2.7.94 / Pro 4 XSS

# WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS   # Vendor Homepage: http://www.wpdownloadmanager.com # Software Link: https://wordpress.org/plugins/download-manager # Affected Versions: Free 2.7.94 & Pro 4 # Te...
by MondoUnix on Aug 14, 2015

