Tags archives: security

WordPress SPNbabble 1.4.1 CSRF / XSS

# Title: CSRF/XSS Vulnerability in SPNbabble WP Plugin
# Author: Manideep K
# CVE-ID: CVE-2014-9339
# Plugin Homepage: https://wordpress.org/plugins/spnbabble/
# Version Affected: 1.4.1 (probably lower versions)
# Severity: High
# About Plugin: SPNbabble (http://spnbabble.sitepronews.com) allows users to create an account and post 140-character blogs with URLs to send out messages to your followers. [...]

WordPress DandyID Services ID 1.5.9 CSRF / XSS

# Title: CSRF/XSS Vulnerability in DandyID Services WP Plugin
# Author: Manideep K
# CVE-ID: CVE-2014-9335
# Plugin Homepage: https://wordpress.org/plugins/dandyid-services/
# Version Affected: 1.5.9 (probably lower versions)
# Severity: High
# About Plugin: DandyID is a free service that enables you to connect, manage, and share all of your online identities from a single [...]

WordPress twitterDash 2.1 CSRF / XSS

**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in twitterDash Wordpress Plugin
# Author: Manideep K
# CVE-ID: CVE-2014-9368
# Plugin Homepage: https://wordpress.org/plugins/twitterdash/
# Version Affected: 2.1 (probably lower versions)
# Severity: High
# About Plugin: twitterDash adds a field on the Dashboard. In this field you find the last (you can define how many) updates [...]

WordPress iTwitter WP 0.04 CSRF / XSS

# Title: CSRF/XSS Vulnerability in iTwitter WP Plugin
# Author: Manideep K
# CVE-ID: CVE-2014-9336
# Plugin Homepage: https://wordpress.org/plugins/itwitter/
# Version Affected: 0.04 (probably lower versions)
# Severity: High
# Description:
# Vulnerable Parameter: itex_t_twitter_username, itex_t_twitter_userpass etc
# About Vulnerability: This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an [...]

WordPress Download Manager Unauthenticated File Upload

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(
      info,
      'Name'        => 'Wordpress Download Manager (download-manager) Unauthenticated File Upload',
      'Description' => %q{
        The WordPress download-manager plugin contains multiple unauthenticated file [...]

WordPress WP Symposium 14.11 Shell Upload

#!/usr/bin/python
#
# Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability
#
#
# Vulnerability discovered by Claudio Viviani
#
# Exploit written by Claudio Viviani
#
#
# 2014-11-27: Discovered vulnerability
# 2014-12-01: Vendor Notification (Twitter)
# 2014-12-02: Vendor Notification (Web Site)
# 2014-12-04: Vendor Notification (E-mail)
# 2014-12-11: No Response/Feedback
# 2014-12-11: [...]

WordPress WP Construction Mode 1.91 XSS

Title: WordPress 'WP Construction Mode' plugin - XSS
Version: 1.91
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/12/12
Download: https://wordpress.org/plugins/wp-construction-mode/
Contacted vendor: 2014/10/20
------------------------------------------------------------

## Plugin description:
------------------------------------------------------------
Set entire website or specific page under construction or maintenance for all viewers except Admin

## Reflected XSS:
------------------------------------------------------------
The set_opt parameter is [...]

WordPress Simple Visitor Stat Cross Site Scripting

Title: WordPress 'Simple Visitor Stat' plugin - Stored XSS
Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/12/12
Download: https://wordpress.org/plugins/simple-visitor-stat/
------------------------------------------------------------

## Description:
------------------------------------------------------------
Keep track of your site visitors' details like Country, IP, Referrer, User Agent, visit time. It's a very light plugin that doesn't affect your page loading speed. It's simple and easy. [...]

WordPress Timed Popup 1.3 CSRF / XSS

Title: WordPress 'Timed Popup' plugin - CSRF/XSS
Version: 1.3
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/12/12
Download: https://wordpress.org/plugins/wp-timed-popup/
Notified WordPress: 2014/11/27
------------------------------------------------------------

## Description:
------------------------------------------------------------
WordPress popup is a timed popup box that shows up on your website, and can be used as a call to action to display products, sign up [...]

WordPress Sliding Social Icons 1.61 CSRF / XSS

Title: WordPress 'Sliding Social Icons' plugin - CSRF/XSS
Version: 1.61
Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/12/12
Download: https://wordpress.org/plugins/sliding-social-icons/
Notified WordPress: 2014/11/27
------------------------------------------------------------

## Description:
------------------------------------------------------------
WordPress Sliding Widgets Plugin will help you to create a sliding icon list dynamically, which you can place on your website. The icons slide into [...]