what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

wordpressrss-xss.txt
Posted Nov 25, 2008
Authored by Jeremias Reith

WordPress versions below 2.6.5 suffer from a stored cross site scripting vulnerability via the RSS Feed Generator.

tags | exploit, xss
SHA-256 | a96a9de2febd6493265d41274b4ca418a8c2f6e71f2af0621f2067b46cb3230c

Related Files

WordPress 4.9.6 Arbitrary File Deletion
Posted Oct 25, 2021
Authored by samguy

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.

tags | exploit, arbitrary
advisories | CVE-2018-12895
SHA-256 | 9e26b80d1679329336158f3cd64555119dd28f5c169070eeb582f83fd788eb26
WordPress 5.7 Media Library XML Injection
Posted Sep 20, 2021
Authored by David Uton

WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2021-29447
SHA-256 | f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
SHA-256 | 6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
WordPress 5.0.0 Remote Code Execution
Posted Feb 1, 2021
Authored by OUSSAMA Rahali | Site blog.ripstech.com

WordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2019-8943
SHA-256 | bb6f7aee36ddb293349af62bd1858446988f1a4ecb1355fe08c968139063e05a
WordPress InfiniteWP Client Authentication Bypass
Posted Feb 10, 2020
Authored by wvu, WebARX | Site metasploit.com

This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGIN_FILE. The module will attempt to retrieve the original PLUGIN_FILE contents and restore them after payload execution. If VerifyContents is set, which is the default setting, the module will check to see if the restored contents match the original. Note that a valid administrator username is required for this module. WordPress versions greater than and equal to 4.9 are currently not supported due to a breaking WordPress API change. Tested against 4.8.3.

tags | exploit, arbitrary, php
SHA-256 | 46fe60790b9bf89534e2a83e420722f916eab06cd0cd0b2036421fb2f052a420
WordPress 5.3 Username Enumeration
Posted Nov 28, 2019
Authored by sajjadbnd

WordPress version 5.3 suffers from a username enumeration vulnerability.

tags | exploit, info disclosure
SHA-256 | 617224266959f06915a164de940bc67b50871dfdb40fbe6b480e2dc7741ec028
WordPress 5.2.4 Cross Origin Resource Sharing
Posted Oct 29, 2019
Authored by Milad Khoshdel

WordPress version 5.2.4 fails to validate an origin header.

tags | exploit
SHA-256 | 3221b6e70ffc3ec1c88a8712fb1a47505186d32fb600ff75143ab8214bae1b44
WordPress 5.2.3 Remote Cross Site Host Modification
Posted Sep 6, 2019
Authored by Todor Donev

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.

tags | exploit, remote, proof of concept
SHA-256 | 1a67567c849803b819562bd468397e980bdac341a6d0c34e47b37bef8c293f41
WordPress 5.0.0 crop-image Shell Upload
Posted Apr 4, 2019
Authored by RIPSTECH Technology, Wilfried Becard | Site metasploit.com

This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

tags | exploit, local, file inclusion
systems | unix
advisories | CVE-2019-8942, CVE-2019-8943
SHA-256 | bd1f2d0a7453946a4baa703e14878a8668792a590d2018556e1e736471a78c41
WordPress FormCraft 2.0 CSRF / Shell Upload
Posted Mar 18, 2019
Authored by KingSkrupellos

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.

tags | exploit, shell, csrf
SHA-256 | 20fa2c83b5c931b82468320628286a4017adfdc722d3d66e7a4045518f19f4d8
WordPress 4.9.6 Arbitrary File Deletion
Posted Jun 27, 2018
Authored by VulnSpy

WordPress versions 4.9.6 and below suffer from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-12895
SHA-256 | 1589e4eaf271e35db060eff34d24d15cfb71d5bae5799b93614fd17aea098795
WordPress 4.8.2 Activation Key Failed Expiry
Posted Oct 6, 2017
Authored by Glyn Wintle

WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys allowing for eternal use.

tags | exploit
advisories | CVE-2017-14990
SHA-256 | a00c295b2439bee4a8946da0bc86cb2acf8c5173fdf2b8e9ac7d765537d6f141
WordPress PHPMailer Host Header Command Injection
Posted May 17, 2017
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.

tags | exploit, spoof
advisories | CVE-2016-10033
SHA-256 | 928eb6125df4b025be7b68270b411eb5dfb58e8b71a32b25b6ed380ce5e0f241
WordPress Connection Information Cross Site Request Forgery
Posted Apr 20, 2017
Authored by Yorick Koster, Securify B.V.

The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.

tags | exploit, csrf
SHA-256 | b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4db
WordPress 4.5.3 Press This Function CSRF / Denial Of Service
Posted Mar 7, 2017
Authored by Securify B.V., Sipke Mellema

WordPress version 4.5.3 Press This Function suffers from a cross site request forgery vulnerability that can cause a denial of service condition.

tags | exploit, denial of service, csrf
SHA-256 | de145ef3bc873acf8a99d1111a4fd9c6935562c58f6699d854cbf9913dc87e88
WordPress 4.5.3 Audio Playlist Cross Site Scripting
Posted Mar 7, 2017
Authored by Yorick Koster, Securify B.V.

WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5cc091745546ab8480da313fab64c7a103eba0bafc790d9e14a9171c0134e222
WordPress Username Enumeration
Posted Mar 3, 2017
Authored by Dctor

Simple PHP proof of concept exploit that demonstrates username enumeration in WordPress versions prior to 4.7.1.

tags | exploit, php, proof of concept
advisories | CVE-2017-5487
SHA-256 | 6330d946fbcd5422cc1b6d65d1436107000d78c749ccd76f058efcd3d7c00f83
WordPress 4.7.0 / 4.7.1 Insert PHP Code Injection
Posted Feb 12, 2017
Authored by CrashBandicot

WordPress versions 4.7.0 and 4.7.1 proof of concept code injection exploit.

tags | exploit, proof of concept
SHA-256 | e60f640d1443f176538466122cef3c157575fe2da2db4b3f9054a1a777e4b294
WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution
Posted Feb 2, 2017
Authored by Harsh Jaiswal

WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection and arbitrary code execution exploit.

tags | exploit, arbitrary, code execution
SHA-256 | 232e4017e6444aa64706da95f3acbbd009ec70edd74978bac9795aa0ad3aaca5
WordPress 4.7.0 / 4.7.1 Content Injection Proof Of Concept
Posted Feb 2, 2017
Authored by leonjza

WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | a85d2d596c6cdf62b7ccf464b4ae1844c836271401326bfa305b721c24235129
WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation
Posted Feb 2, 2017
Authored by Dustin Warren

WordPress versions 4.7.0 and 4.7.1 REST API post privilege escalation and defacement exploit. Originally vulnerability discovered by Sucuri's research team.

tags | exploit
SHA-256 | bd58209139b43f7c9b7d2e53c961dfc5458fe627f7b590f162c4620fa054b329
WordPress 4.5.3 Cross Site Scripting
Posted Sep 9, 2016
Authored by Han Sahin

WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.

tags | exploit, xss
SHA-256 | 6c769e43df4a37ca6174acc074f7d745829325d0add7f2fe561108492c4e03bf
WordPress 4.5.3 Core Ajax Handlers Path Traversal
Posted Aug 22, 2016
Authored by Yorick Koster, Securify B.V.

WordPress version 4.5.3 suffers from a path traversal vulnerability in the core ajax handlers.

tags | exploit, file inclusion
SHA-256 | 78a9e8298d6dbe41d508c8f450f6b57d41e9ba8bdefa0dd06867e661676810ca
WordPress Easy Social Share Buttons 3.2.5 XSS
Posted Apr 24, 2016
Authored by Rahul Pratap Singh

Easy Social Share Buttons for WordPress version 3.2.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | effdeb4ba420bf5d84d9ffd442e8582eb66e5fb009165f4955fae709de944263
WordPress 4.4 User Enumeration
Posted Dec 11, 2015
Authored by John Martinelli from ISRD.com

WordPress versions 4.4 and below leak whether or not a username exists in their login flow.

tags | advisory, info disclosure
SHA-256 | 1fcd8c4fe8a6f66633988433b2ccfbe5217d776751625c4284b08e7c7dd51fe0
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close