Tags archives: php

WordPress WP-Instance-Rename 1.0 File Download

Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-12
Download Site: https://wordpress.org/plugins/wp-instance-rename/
Vendor: Vlajo
Vendor Notified: 2015-06-12
Advisory: http://www.vapid.dhs.org/advisory.php?v=127
Vendor Contact:
Description: WordPress Rename plugin allows you to easily rename the complete WordPress installation. This plugin allows you to rename WordPress database, WordPress directory, change every necessary configuration […]

WordPress Nextend Twitter Connect 1.5.1 Cross Site Scripting

Wordpress "Nextend Twitter Connect"
===================================

Document Title:
===============
WordPress "Nextend Twitter Connect" Plugin Version: 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
https://wordpress.org/plugins/nextend-twitter-connect/

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4557

Vulnerability Disclosure Timeline:
==================================
2015 – 06 – 15 First […]

WordPress Front-end Editor File Upload

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(
      info,
      'Name'        => 'Wordpress Front-end Editor File Upload',
      'Description' => %q{
        The Wordpress Front-end Editor plugin contains an authenticated file upload […]

WordPress Revslider 4.2.2 XSS / Information Disclosure

| # Title : WordPress Revslider 4.2.2 Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
| # Tested on: windows 8.1 French V.(Pro)
| # Download : http://revolution.themepunch.com/
=======================================

XSS :

http://www.codekom.com//wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka..Give%20me%20your%20wp-config.php

information Disclosure :

http://www.codekom.com/wp-content/plugins/revslider/revslider_admin.php
http://www.codekom.com/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css

Arbitrary File Download […]

WordPress Google Analyticator 6.4.9.3 CSRF

# Title: Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563
# Submitter: Nitin Venkatesh
# Product: Google Analyticator Wordpress Plugin
# Product URL: https://wordpress.org/plugins/google-analyticator/
# Vulnerability Type: Cross-Site Request Forgery [CWE-352]
# Affected Versions: v6.4.9.3 before rev @1183563 and possibly earlier
# Tested versions: v6.4.9.3 rev @1168849
# Fixed Version: v6.4.9.3 […]

WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection

# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress"
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-4062, CVE-2015-4063

Vulnerabilities (2)
=====================

(1) Authenticated SQLi [CWE-89] (CVE-2015-4062)
-----------------------------------------------

* CODE: includes/nsp_search.php:94
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i<=3;$i++) […]

WordPress Church Admin 0.800 Cross Site Scripting

# Exploit Title: Wordpress church_admin Stored XSS
# Date: 21-04-2015
# Exploit Author: woodspeed
# Vendor Homepage: https://wordpress.org/plugins/church-admin/
# Version: 0.800
# OSVDB ID : http://www.osvdb.org/show/osvdb/121304
# WPVULNDB ID : https://wpvulndb.com/vulnerabilities/7999
# Category: webapps

1. Description

On the registration form the address field is not validated before returning it to the user. Visiting […]

WordPress WP Photo Album Plus 6.1.2 Cross Site Scripting

Advisory ID: HTB23257
Product: WP Photo Album Plus WordPress Plugin
Vendor: J.N. Breetvelt
Vulnerable Version(s): 6.1.2 and probably prior
Tested Version: 6.1.2
Advisory Publication: April 29, 2015 [without technical details]
Vendor Notification: April 29, 2015
Vendor Patch: April 29, 2015
Public Disclosure: May 20, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-3647
Risk Level: […]

WordPress Encrypted Contact Form 1.0.4 CSRF / XSS

# Title: Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
# Submitter: Nitin Venkatesh
# Product: Encrypted Contact Form Wordpress Plugin
# Product URL: https://wordpress.org/plugins/encrypted-contact-form/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Cross-site Scripting [CWE-79]
# Affected Versions: v1.0.4 and possibly below.
# Tested versions: v1.0.4
# Fixed Version: v1.1
# […]

WordPress Media File Manager Advanced 1.1.5 XSS / SQL Injection

Description

"media-file-manager-advanced" suffers from executing administrator actions by any authenticated user due to weak permissions checking. An attacker can delete/update posts, Creating/Removing/Listing Directories, Moving/Renaming/Deleting Files, Blind SQL Injection and Cross-Site Scripting.

Homepage

https://wordpress.org/plugins/media-file-manager-advanced/

Affected Version

<= 1.1.5

Description

Vulnerability Scope

LFD, SQL, XSS, Site Ruining and Changing of Content.

Authorization […]