Tags archives: php

WordPress ADPlugg 1.1.33 Cross Site Scripting

Stored XSS Vulnerability in ADPlugg Wordpress Plugin

Overview
* Title: Stored XSS Vulnerability in ADPlugg Wordpress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/adplugg/
* Severity: Medium
* Version Affected: 1.1.33 and mostly prior to it
* Version Tested: 1.1.33
* [...]

WordPress WooCommerce 2.2.10 Cross Site Scripting

Product: WooCommerce WordPress plugin
Vendor: WooThemes
Tested Version: 2.2.10
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solved in version 2.2.11
Discovered and Provided: Eric Flokstra – ITsec Security Services

[-] About the Vendor:
WooCommerce is a popular open source WordPress e-commerce plugin with around [...]

PHP DateTime Use-After-Free

Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]

Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.1.29 – Release Date: 2015.2.20

> A use-after-free vulnerability was discovered in unserialize() with DateTime/DateTimeZone/DateInterval/DatePeriod objects' __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions
Affected [...]

PHP DateTimeZone Type Confusion Infoleak

Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone

Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.1.29 – Release Date: 2015.2.20

> A Type Confusion Vulnerability was discovered in unserialize() with DateTimeZone object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks.

Affected Versions
Affected is PHP 5.6 < 5.6.6 [...]

WordPress Google Doc Embedder 2.5.18 Cross Site Scripting

Title: WordPress 'Google Doc Embedder' plugin – XSS
Version: 2.5.18
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/google-document-embedder/
Contacted WordPress: 2015/01/26

## Description:
Lets you embed PDF, MS Office, and many other file types in a web page using the free Google Docs Viewer (no Flash or PDF browser [...]

WordPress Spider Facebook 1.0.10 Cross Site Scripting

Title: WordPress 'WordPress Facebook' plugin – XSS
Version: 1.0.10
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/spider-facebook/
Contacted WordPress: 2015/01/26

## Description:
Spider Facebook is a WordPress integration tool for Facebook. It includes all the available Facebook social plugins and widgets to be added to your web

## XSS: [...]

WordPress Redirection Page 1.2 CSRF / XSS

Title: WordPress 'Redirection Page' CSRF/XSS
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015-01-26
Download: https://wordpress.org/plugins/redirection-page/
Contacted WordPress: 2015-01-26

## Plugin description:
Redirect your specified pages; it is useful when you have 404/not-found pages. Go to Settings Page to start redirection.

## CSRF:
It is possible to change [...]

WordPress Cross Slide 2.0.5 Cross Site Request Forgery / Cross Site Scripting

Title: WordPress 'Cross Slide' plugin – XSS/CSRF
Version: 2.0.5
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/crossslide-jquery-plugin-for-wordpress/
Contacted WordPress: 2015/01/26

## Plugin description:
The CrossSlide jQuery plugin for WordPress is designed to quickly add the JS and CSS requirements to operate the jQuery slideshow.

## CSRF:
It [...]

WordPress Mobile Domain 1.5.2 Cross Site Request Forgery / Cross Site Scripting

Title: WordPress 'Mobile Domain' CSRF/XSS
Version: 1.5.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/mobile-domain/
Contacted WordPress: 2015/01/26

## Description:
Redirect WordPress blog from desktop domain to mobile subdomain and create Mobile XML Sitemap.

## CSRF:
It is possible to change the plugins admin settings by tricking [...]

WordPress WPLMS 1.8.4.1 Privilege Escalation

WordPress WPLMS Theme Privilege Escalation

[-] Author: Evex
http://packetstormsecurity.com/user/evex/
twitter: https://twitter.com/Evexola

[-] Theme Link:
http://themeforest.net/item/wplms-learning-management-system/6780226

[-] Affected Version:
Version 1.8.4.1

[-] Vulnerability Description:
The vulnerable code is located in the /includes/func.php script:

add_action( 'wp_ajax_import_data', 'import_data' );
function import_data(){
    $name = stripslashes($_POST['name']);
    $code = base64_decode(trim($_POST['code']));
    [...]