exploit the possibilities
Showing 1 - 25 of 100 RSS Feed


WordPress Spider Event Calendar 1.5.51 Blind SQL Injection
Posted Apr 8, 2017
Authored by Manuel Garcia Cardenas

The WordPress Spider Event Calendar Plugin, prior to 1.5.51 suffers from a blind SQL injection vulnerability due to improper sanitization of an order_by parameter.

tags | exploit, sql injection
MD5 | 5944f9732da6dd94f731a0232d23aa59

Related Files

WordPress Snap Creek Duplicator Code Injection
Posted Dec 12, 2018
Authored by Thomas Chauchefoin, Julien Legras | Site metasploit.com

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2018-17207
MD5 | 3e9bb4227872fd85077a0576d93fc20f
WordPress Share-On-Diaspora Cross Site Scripting
Posted Aug 18, 2017
Authored by APA Golestan

The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1c0a600c9f6a0a47943a2a57744fe943
WordPress Stanford Theme Cross Site Scripting
Posted Jan 7, 2016
Authored by Sha4yan

The WordPress Stanford theme suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 76a07029058aede4dc19488f678f0fc2
WordPress Simple Backup Arbitrary Download
Posted May 19, 2015
Authored by Ashiyane Digital Security Team

The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.

tags | advisory, arbitrary
MD5 | 75eb554da0e562cc0b1b26427214d9b7
WordPress SlideShow Gallery Authenticated File Upload
Posted Apr 20, 2015
Authored by Jesus Ramirez Pichardo | Site metasploit.com

The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. You can upload arbitrary files to the upload folder, because the plugin also uses it's own file upload mechanism instead of the WordPress API it's possible to upload any file type.

tags | exploit, arbitrary, file upload
advisories | CVE-2014-5460
MD5 | bed8ce8d9e0bf1129e31a3a28f54f9ea
WordPress Stop User Enumeration 1.2.4 Bypass
Posted Feb 3, 2014
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

The WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.

tags | exploit, bypass
MD5 | 622fcec0bc866f10c400f9581647461c
WordPress silverOrchid Cross Site Scripting
Posted Aug 28, 2013
Authored by Ashiyane Digital Security Team

The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | a9e1fd3be6519722af1cb148c1ec72b8
WordPress Search N Save XSS / Path Disclosure
Posted Jul 7, 2013
Authored by MustLive

The WordPress Search N Save plugin suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | a603a13fc02c05465f0e13d7c2adbfc7
Secunia Security Advisory 51690
Posted Jan 2, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered multiple vulnerabilities in the WordPress Shopping Cart plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 0052dd955e6f75f379c98fda5379f4ef
WordPress Simple Forum Shell Upload
Posted Aug 27, 2012
Authored by Mr.Cicili

The WordPress Simple Forum third party plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 9106b7f6763c6cf4e39fc2e53d52eff4
WordPress Slideshow Gallery 2 Cross SIte Scripting
Posted Jan 26, 2012
Authored by Bret Hawk

The WordPress Slideshow Gallery 2 plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 91cae6df5ed6521b4bdc54a6a18fad0d
WordPress 3.3 Cross Site Scripting
Posted Jan 2, 2012
Authored by Aditya Modha, Samir Shah

WordPress version 3.3 suffers from a cross site scripting vulnerability during a 500 response when flagging a comment as a duplicate.

tags | exploit, xss
systems | linux
MD5 | 118982043e3b0cc5c45e8d1ab8965508
WordPress Pretty Link 1.5.2 Cross Site Scripting
Posted Dec 6, 2011
Authored by Am!r | Site irist.ir

WordPress Pretty Link plugin version 1.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3e75143a16a9c672d13c26a66310f948
WordPress Skysa Official 1.01 / 1.02 / 1.03 Cross Site Scripting
Posted Nov 28, 2011
Authored by Am!r | Site irist.ir

The WordPress Skysa-Official plugin versions 1.01 through 1.03 suffer from a cross site scripting vulnerability. The vendor fixed this quickly once made aware of the issue and version 1.04 fixes the problem.

tags | exploit, xss
MD5 | 4b06ac6a4026a7cb575e63fa7bf39806
WordPress AES-Edition 0.0.2
Posted Nov 25, 2011
Authored by Skraps | Site code.google.com

WordPress AES-Edition is a modified version of WordPress that implements use of AES.

tags | web
MD5 | b3fd765d90474e7082ce47c257e96ee1
WordPress Classipress Theme 3.1.4 Cross Site Scripting
Posted Oct 30, 2011
Authored by Paul Loftness

WordPress Classipress Theme versions 3.1.4 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0409fa57d2c45c830e98188edfa93f6c
WordPress WP Glossary SQL Injection
Posted Oct 30, 2011
Authored by longrifle0x

The WordPress WP Glossary plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ff662889ee4484b033b7aae459318f80
WordPress Clickjacking
Posted Sep 23, 2011
Authored by Andrew Horton (urbanadventurer) | Site security-assessment.com

This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.

tags | advisory, web, arbitrary, php
MD5 | e2abac98d6f8c708eef84b5e166ca4e1
WordPress 3.1.2 Clickjacking
Posted Sep 22, 2011
Authored by Andrew Horton (urbanadventurer) | Site security-assessment.com

WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.

tags | exploit
MD5 | 1688b6eaa86b161c91dd0d6b4158f460
WordPress Block-Spam-By-Math-Reloaded Plugin Bypass
Posted Aug 21, 2011
Authored by Tiago Ferreira, Heyder Andrade | Site metasploit.com

WordPress authentication brute force and user enumeration utility for Metasploit.

tags | exploit
advisories | CVE-2009-2335, OSVDB-55713
MD5 | 4e2ca78fc2d8a5f206798b7962d0719d
WordPress St Newsletter File Upload
Posted Aug 12, 2011
Authored by failed404

The WordPress St Newsletter plugin suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 15d9589a9fbab665895597018129c59e
WordPress 2.6 / 3.x User Enumeration
Posted May 26, 2011
Authored by Veronica Valeros | Site talsoft.com.ar

WordPress versions 2.6, 3.1, 3.1.1, 3.1.3, and 3.2-beta2 suffer from a remote user enumeration vulnerability. Proof of concept is provided.

tags | exploit, remote, proof of concept
systems | linux
MD5 | f0552de323e7ca6af87d42a6997e0ed7
WordPress Dump Exposure
Posted May 14, 2011
Authored by John Jacobs

It appears that many WordPress instances may have publicly available dumps of their content due to the use of DB-XML.

tags | advisory
MD5 | 2365fefb1b951ce69be3ed554bf990b6
WordPress User Enumeration
Posted Apr 25, 2011
Authored by Xecuti0N3r

The messaging used in failed login attempts in WordPress allows for user enumeration.

tags | exploit
MD5 | e1ad101cb09eb26a37376c4f3bf8d3a1
WordPress Spellchecker Local File Inclusion / Remote File Inclusion
Posted Apr 11, 2011
Authored by Dr Trojan

The WordPress Spellchecker plugin suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | c0ac9432a6eadaf34708979b64b80033
Page 1 of 4

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    0 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By