WordPress versions below 2.6.5 suffer from a stored cross site scripting vulnerability via the RSS Feed Generator.
a96a9de2febd6493265d41274b4ca418a8c2f6e71f2af0621f2067b46cb3230c
WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.
9e26b80d1679329336158f3cd64555119dd28f5c169070eeb582f83fd788eb26
WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
WordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.
bb6f7aee36ddb293349af62bd1858446988f1a4ecb1355fe08c968139063e05a
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGIN_FILE. The module will attempt to retrieve the original PLUGIN_FILE contents and restore them after payload execution. If VerifyContents is set, which is the default setting, the module will check to see if the restored contents match the original. Note that a valid administrator username is required for this module. WordPress versions greater than and equal to 4.9 are currently not supported due to a breaking WordPress API change. Tested against 4.8.3.
46fe60790b9bf89534e2a83e420722f916eab06cd0cd0b2036421fb2f052a420
WordPress version 5.3 suffers from a username enumeration vulnerability.
617224266959f06915a164de940bc67b50871dfdb40fbe6b480e2dc7741ec028
WordPress version 5.2.4 fails to validate an origin header.
3221b6e70ffc3ec1c88a8712fb1a47505186d32fb600ff75143ab8214bae1b44
WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.
1a67567c849803b819562bd468397e980bdac341a6d0c34e47b37bef8c293f41
This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.
bd1f2d0a7453946a4baa703e14878a8668792a590d2018556e1e736471a78c41
WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.
20fa2c83b5c931b82468320628286a4017adfdc722d3d66e7a4045518f19f4d8
WordPress versions 4.9.6 and below suffer from an arbitrary file deletion vulnerability.
1589e4eaf271e35db060eff34d24d15cfb71d5bae5799b93614fd17aea098795
WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys, allowing for eternal use.
a00c295b2439bee4a8946da0bc86cb2acf8c5173fdf2b8e9ac7d765537d6f141
This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.
928eb6125df4b025be7b68270b411eb5dfb58e8b71a32b25b6ed380ce5e0f241
The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4db
WordPress version 4.5.3 Press This Function suffers from a cross site request forgery vulnerability that can cause a denial of service condition.
de145ef3bc873acf8a99d1111a4fd9c6935562c58f6699d854cbf9913dc87e88
WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.
5cc091745546ab8480da313fab64c7a103eba0bafc790d9e14a9171c0134e222
Simple PHP proof of concept exploit that demonstrates username enumeration in WordPress versions prior to 4.7.1.
6330d946fbcd5422cc1b6d65d1436107000d78c749ccd76f058efcd3d7c00f83
WordPress versions 4.7.0 and 4.7.1 proof of concept code injection exploit.
e60f640d1443f176538466122cef3c157575fe2da2db4b3f9054a1a777e4b294
WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection and arbitrary code execution exploit.
232e4017e6444aa64706da95f3acbbd009ec70edd74978bac9795aa0ad3aaca5
WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection proof of concept exploit.
a85d2d596c6cdf62b7ccf464b4ae1844c836271401326bfa305b721c24235129
WordPress versions 4.7.0 and 4.7.1 REST API post privilege escalation and defacement exploit. The vulnerability was originally discovered by Sucuri's research team.
bd58209139b43f7c9b7d2e53c961dfc5458fe627f7b590f162c4620fa054b329
WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.
6c769e43df4a37ca6174acc074f7d745829325d0add7f2fe561108492c4e03bf
WordPress version 4.5.3 suffers from a path traversal vulnerability in the core ajax handlers.
78a9e8298d6dbe41d508c8f450f6b57d41e9ba8bdefa0dd06867e661676810ca
Easy Social Share Buttons for WordPress version 3.2.5 suffers from multiple cross site scripting vulnerabilities.
effdeb4ba420bf5d84d9ffd442e8582eb66e5fb009165f4955fae709de944263
WordPress versions 4.4 and below leak whether or not a username exists in their login flow.
1fcd8c4fe8a6f66633988433b2ccfbe5217d776751625c4284b08e7c7dd51fe0