Files

WordPress Themes File Download / Deletion
Posted Jul 5, 2014
Authored by CaFc Versace

Multiple WordPress themes suffer from arbitrary file download and file deletion vulnerabilities. Included are Awake, Construct, Dejavu, Echelon, Elegance, Fusion, Infocus, Mega, Method, Modular, MyRiad, Oakrealty, Persuasion, and Binary.

tags | exploit, arbitrary, vulnerability
SHA-256 | 16d3d8d513a0c1a112e5fd02b8f6fb4f3ac05578ecf115db498705d6dbb8c3ef

Related Files

WordPress 5.9 Cross Site Scripting
Posted Feb 10, 2022
Authored by Taurus Omar

WordPress versions 5.9 and below suffer from a cross site scripting vulnerability in the author and contributor roles. Per the researcher, WordPress is addressing this in their next release and considers this a medium severity vulnerability.

tags | exploit, xss
SHA-256 | eb036d4467921c95f77944d1565e15824ae56f7f501944425c1be75fb150f82d

WordPress 4.9.6 Arbitrary File Deletion
Posted Oct 25, 2021
Authored by samguy

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.

tags | exploit, arbitrary
advisories | CVE-2018-12895
SHA-256 | 9e26b80d1679329336158f3cd64555119dd28f5c169070eeb582f83fd788eb26

WordPress 5.7 Media Library XML Injection
Posted Sep 20, 2021
Authored by David Uton

WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2021-29447
SHA-256 | f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485

Backdooring WordPress To Get Cleartext Passwords
Posted Sep 11, 2021
Authored by Rafael Sousa

This paper demonstrates how to insert a backdoor in WordPress to get cleartext passwords any time a user logs in.

tags | paper
SHA-256 | 86a58a7a0e7f76d5a10b4c0f076df6f7acd2ba7b44bb9ce85aa4c428f169ff91

WordPress Security
Posted Feb 21, 2020
Authored by Haktan Emik

Whitepaper called WordPress Security. Written in Turkish.

tags | paper
SHA-256 | e49b4b89327b25ec6a9f68b3a1e5349d5d266d462409d6037057a44f027bcec3

WordPress 5.3 Denial Of Service
Posted Jan 14, 2020
Authored by Rory M | Site labs.arcturus.net

WordPress is vulnerable to denial of service through abuse of the XML-RPC API. The system.multicall function lets you batch other API calls. Another API function is pingback.ping, which makes WordPress open a connection to another site. If you batch a few thousand pingback.ping requests using the multicall feature, you can exhaust a variety of different resources on the server. This PoC will eat through Apache2's worker threads and will also make MySQL consume more CPU and memory, possibly knocking over low-RAM VPS instances.

tags | exploit, denial of service
SHA-256 | 6c6fe7a9f5127e081592602ad3e160fb880556efc026bfde16f893df42e1b79d

WordPress Penetration Testing Using WPScan And Metasploit
Posted Oct 5, 2018
Authored by Behrouz Mansoori

Whitepaper called WordPress Penetration Testing Using WPScan and Metasploit. Written in English.

tags | paper
SHA-256 | 40d6ad648ac7360b313cbb38733b52a8bf9a680e252b22d792e7b8db54f89a9d

WordPress Security
Posted Oct 5, 2018
Authored by Behrouz Mansoori

This is a whitepaper that provides an overview of WordPress Security. Written in Persian.

tags | paper
SHA-256 | d22218ad1594c053cb1ee1157adae795a1d60e443169f78cd2050fa557349319

WordPress Core 4.6 Unauthenticated Remote Code Execution
Posted May 5, 2017
Authored by Dawid Golunski | Site legalhackers.com

WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built into WordPress code. Exploitation details provided.

tags | exploit, remote, code execution
advisories | CVE-2016-10033
SHA-256 | 3562cc0222ccab73bf32045e3f2bee84233aef4cd3e169a98bcd74a969767f51

WordPress Spider Event Calendar 1.5.51 Blind SQL Injection
Posted Apr 8, 2017
Authored by Manuel Garcia Cardenas

The WordPress Spider Event Calendar plugin prior to 1.5.51 suffers from a blind SQL injection vulnerability due to improper sanitization of an order_by parameter.

tags | exploit, sql injection
SHA-256 | 4454658986b01df7747b115a7789ea51bbfcd5b69c667b6f78c6f281074c4d75

WordPress Simple Backup Arbitrary Download
Posted May 19, 2015
Authored by Ashiyane Digital Security Team

The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.

tags | advisory, arbitrary
SHA-256 | 2f1879ea63c04f1d1bdc1146437974cb35370b7761eb8ab23b2cca9b2c380294

WordPress Contact Form To Email Plugin CSRF / XSS
Posted May 14, 2015
Authored by Ashiyane Digital Security Team

WordPress Contact Form To Email Plugin suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 2aca5d9a62624deeeede389712066d5e147d5a31e58641761cd32697cfcfbe4a

WordPress Themes download.php File Disclosure
Posted Dec 24, 2014
Authored by Cleiton Pinheiro

Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include the Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Trinity, Lote27, and Revslider themes.

tags | exploit, arbitrary, php
SHA-256 | 79c86b5eac6b7d9b26307fbc9f51aeb8f4fae1522a59b66fb561d7f899630c1f

Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection
Posted May 22, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Event Calendar version 1.3.0 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | e1280c273978d2943c741ebee56c227367b4ac94ad923128afa07f35b1146ed6

Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection
Posted May 22, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 37e63ff3e32d65df162db6c051518d4a1fcd556135bdae06ee5a5a69e189c813

WordPress Flagallery-Skins SQL Injection
Posted May 22, 2013
Authored by Ashiyane Digital Security Team

The WordPress Flagallery-skins plugin suffers from an SQL injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, sql injection
SHA-256 | 8e7321e57a191458bb0488828e864521503137f0590d73239395524588a9079f

WordPress ProPlayer Plugin SQL Injection
Posted May 20, 2013
Authored by Ashiyane Digital Security Team

WordPress ProPlayer Plugin version 4.7.9.1 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, sql injection
SHA-256 | cc97f9fb24702b00b0d44275e740d8353c7449cd7d2b62180d8d38729de371eb

WordPress Rokbox Themes Content Spoofing / XSS
Posted Dec 24, 2012
Authored by MustLive

Multiple WordPress themes by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | b64d5ae444d8cc1bf39555f4b065ea716c63e9ea02efe5949842af75d06a8ff8

WordPress Pingback Port Scanner
Posted Dec 14, 2012
Authored by FireFart

WordPress version 3.5 has the XML-RPC interface enabled by default. This tool uses the Pingback API to perform portscanning.

tags | tool, scanner
systems | unix
SHA-256 | 4e148f46aa9ea85dd8ac723066ebdb2a21047032dde632464b55d619c9359123

WordPress 3.3.2 Cross Site Scripting
Posted Jun 5, 2012
Authored by old man

WordPress version 3.3.2 suffers from a double-encoding cross site scripting vulnerability that bypasses the protective filter.

tags | exploit, xss
SHA-256 | e35bf5a3e7182b22d62980dd79e2f167b39d0fbd8ccba3987c45ff838cb7df5d

WordPress 3.2.2 Stored Cross Site Scripting
Posted May 6, 2012
Authored by L3b-r1'z

WordPress version 3.2.2 may suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ebcbd38023e368339ade1b119d6971e1e6b68217c6ad6a2682302840b7da0a9

WordPress Bruteforce Script
Posted Apr 29, 2012
Authored by CorryL

This is a simple bash script for bruteforcing WordPress.

tags | cracker, bash
SHA-256 | a04595fb1fae7483302800dc402320dae1656bd040d010c93927bb2d7e92208a

WordPress 3.3.1 Cross Site Request Forgery
Posted Apr 26, 2012
Authored by Ivano Binetti

WordPress version 3.3.1 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2012-1936
SHA-256 | 5d270a4a9e3a00c5614ed575a419579789d3ceb43e92a688e8d88dcec5bf4fff

WordPress Taggator SQL Injection
Posted Apr 6, 2012
Authored by Am!r | Site irist.ir

WordPress Taggator suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f0cbc871c61618f34dfc0d1e3ebaa034b7d5ae5aa10b2623e29bc22148765482

Analyzing WordPress Themes
Posted Mar 27, 2012
Authored by MaXe

This paper is about discovering vulnerabilities inside the files that make up WordPress themes. It also discusses reverse engineering of encoded PHP files, common tools, exploits, and dangerous copyright protection mechanisms.

tags | paper, php, vulnerability
SHA-256 | 0e9255403cc8fbbe8888e17dec0e2b1b5ebd69a0d1a080a0e1dc7ec651035468
© 2022 Packet Storm. All rights reserved.