The WordPress Spider Event Calendar Plugin, prior to 1.5.51 suffers from a blind SQL injection vulnerability due to improper sanitization of an order_by parameter.
4454658986b01df7747b115a7789ea51bbfcd5b69c667b6f78c6f281074c4d75
Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users to add translations via the plugin's "tp_translation" ajax action. Successful exploits can allow an unauthenticated attacker to add translations to the WordPress site and thereby influence what is actually shown on the site.
c25e589bc0f339822e669aa5ee336af340896bf3579587f6ad8e5c6ae0691179
WordPress versions 5.9 and below suffer from a cross site scripting vulnerability in the author and contributor roles. Per the researcher, WordPress is addressing this in their next release and considers this a medium severity vulnerability.
eb036d4467921c95f77944d1565e15824ae56f7f501944425c1be75fb150f82d
WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.
9e26b80d1679329336158f3cd64555119dd28f5c169070eeb582f83fd788eb26
WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
This paper demonstrates how to insert a backdoor in WordPress to get cleartext passwords anytime that a user logs in.
86a58a7a0e7f76d5a10b4c0f076df6f7acd2ba7b44bb9ce85aa4c428f169ff91
Whitepaper called WordPress Security. Written in Turkish.
e49b4b89327b25ec6a9f68b3a1e5349d5d266d462409d6037057a44f027bcec3
WordPress is vulnerable to denial of service by abusing the XMLRPC API. The system.multicall function lets you batch other API calls. Another API function is pingback.ping, which makes WordPress open a connection out to another site. If you batch a few thousand pingback.ping requests using the multicall feature, you can exhaust a variety of different resources on the server. This PoC will eat through Apache2's worker threads and will also make MySQL consume more CPU and memory, possibly knocking over low-RAM VPS instances.
6c6fe7a9f5127e081592602ad3e160fb880556efc026bfde16f893df42e1b79d
When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrites the wp-config.php file, and this function does not sanitize POST parameters before inserting them into the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible, restore backups of the configuration after the exploit to make the WordPress site work again.
905691265705b4759d72dab396f504f56f641ea40f5dc5bc5702ab0b07cd1d7f
Whitepaper called WordPress Penetration Testing Using WPScan and Metasploit. Written in English.
40d6ad648ac7360b313cbb38733b52a8bf9a680e252b22d792e7b8db54f89a9d
This is a whitepaper that provides an overview on WordPress Security. Written in Persian.
d22218ad1594c053cb1ee1157adae795a1d60e443169f78cd2050fa557349319
The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.
8e341bd07e40327393d27cd430547711351c76ae245dc3d8b5f766e668cfa4fd
WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built into the WordPress code. Exploitation details provided.
3562cc0222ccab73bf32045e3f2bee84233aef4cd3e169a98bcd74a969767f51
The WordPress Stanford theme suffers from a cross site scripting vulnerability.
b6ebd8b3e2371a264e06442e5602b62001924bd0dca16efb2961e677a1d53774
The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.
2f1879ea63c04f1d1bdc1146437974cb35370b7761eb8ab23b2cca9b2c380294
WordPress Contact Form To Email Plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
2aca5d9a62624deeeede389712066d5e147d5a31e58641761cd32697cfcfbe4a
The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. Arbitrary files can be uploaded to the upload folder; because the plugin uses its own file upload mechanism instead of the WordPress API, it is possible to upload any file type.
9a7da5312dab92d7b283154818127736540719c6ad6ac81ce02c41aa922cfeb6
Multiple WordPress themes suffer from arbitrary file download and file deletion vulnerabilities. Included are Awake, Construct, Dejavu, Echelon, Elegance, Fusion, Infocus, Mega, Method, Modular, MyRiad, Oakrealty, Persuasion, and Binary.
16d3d8d513a0c1a112e5fd02b8f6fb4f3ac05578ecf115db498705d6dbb8c3ef
The WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.
2dd78ee648a3793edd606581b3bffa990f070dbc5f3063fd92e079140ca7f33a
The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
17871129a30d053f15ebe5d29e7c76e76cd180faeff48ceb4f0500e1c251de2f
The WordPress Search N Save plugin suffers from cross site scripting and path disclosure vulnerabilities.
27be47f29fed9d58e63bf72528e3a02636bdb8d109dc731254eb8126a836e678
Spider Event Calendar version 1.3.0 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
e1280c273978d2943c741ebee56c227367b4ac94ad923128afa07f35b1146ed6
Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
37e63ff3e32d65df162db6c051518d4a1fcd556135bdae06ee5a5a69e189c813
WordPress Flagallery-skins plugin suffers from a SQL injection vulnerability. Note that this advisory has site-specific information.
8e7321e57a191458bb0488828e864521503137f0590d73239395524588a9079f
WordPress ProPlayer Plugin version 4.7.9.1 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
cc97f9fb24702b00b0d44275e740d8353c7449cd7d2b62180d8d38729de371eb
Secunia Security Advisory - Sammy Forgit has discovered multiple vulnerabilities in the WordPress Shopping Cart plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
4da9147ee09e09d612eefaf2f09752dc48d274a54b7767ee283ab055296eecdc