SecurityTrooper


Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”(Bugbounty)

Posted on December 6, 2020 by adm1n

In this post I show you how I found a Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”. The first thing to make clear is that a company that is affiliated to a BugBounty program… Continue Reading →

Uncategorized

Smush Image 2.7.4.1 Directory Traversal CVE-2017-15079

Posted on February 9, 2018 by adm1n

I’ll talk about a Directory Traversal that I found in a well-known plugin, but I have to say that it’s a bit limited because it only lists folders. Here’s a video where I made a POC. I’m sorry I didn’t… Continue Reading →

directory transversal, xss CVE-2017-15079, directory transversal, wordpress

My first CVE by 2018 CVE-2018-5316

Posted on February 9, 2018 by adm1n

Though I tracked the vulnerability down last year, Mitre has decided to assign it to me this year, 2018. The CVE is based on a Cross-site scripting in the plugin “SagePay Server Gateway for WooCommerce” version 1.0.7. This vulnerability… Continue Reading →

cve, wordpress, xss cve, CVE-2018-5316, wordpress, XSS

Z-URL Preview (XSS) CVE-2017-18012

Posted on December 21, 2017 by adm1n

A few days ago I finally got in touch with the developer of the plugin “Z-URL Preview” where I told him that I had a Cross-site scripting in version 1.6.1. This vulnerability is found in the “url” parameter in the “/wp-content/plugins/z-url-preview/class.… Continue Reading →

plugin, wordpress, xss CVE-2017-18012, plugin, wordpress, XSS

Wunderbar Basic (XSS)

Posted on December 20, 2017 by adm1n

I continue to find XSS in WordPress plugins; in this case the plugin is called “Wunderbar Basic” version 1.1.3. The security bug is found in the “home” parameter in the “wp-content/plugins/wunderbar-basic-wysiwyyg-front-end-editor/wb-adminbar.php” file which, as can be seen in the following capture,… Continue Reading →

plugin, wordpress, xss plugin, wordpress, XSS

Pinterest Badge (XSS)

Posted on December 19, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered inside “Pinterest Badge” plugin version 1.8.0. The security fault is found in the “uid” parameter in the “/wp-content/plugins/pinterest-badge/pinterestbadgedetails.php” file which, as can be seen in the following capture,… Continue Reading →

plugin, wordpress, xss wordpress, XSS

Send the latest CVEs to your Telegram

Posted on December 18, 2017 by adm1n

In this article I will explain how to create a bot that allows you to be informed of the latest CVEs that are being published at the moment. The first thing we have to do is to install our Telegram… Continue Reading →

BotFather, Python, Telegram api, BotFather, python, telegram

WP Mailster (XSS) CVE-2017-17451

Posted on December 18, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered in the plugin “WP Mailster” version 1.5.4.0 of the company Brandtoss (https://wpmailster.com/). The security bug is found in the month parameter in the “wp-mailster/view/subscription/unsubscribe2.php” file which, as you can… Continue Reading →

cve, plugin, wordpress, xss CVE-2017-17451, plugin, wordpress, XSS

Emag Marketplace (XSS) CVE-2017-17043

Posted on December 18, 2017 by adm1n

A new Cross-site scripting is presented to me in the plugin “Emag Marketplace Connector” version 1.0.1 of the company Zitec (https://zitec.com/).

cve, plugin, wordpress, xss CVE-2017-17043, plugin, wordpress, XSS

Duplicator Migration (XSS) CVE-2017-16815

Posted on December 18, 2017 by adm1n

I keep finding Cross-site scripting in WordPress plugins; I’m going to have to automate it somehow :). In this case in a plugin called “Duplicator Migration” version 1.2.28 (https://es.wordpress.org/plugins/duplicator/) which is active in more than 1 million WordPress sites and is developed… Continue Reading →

cve, plugin, wordpress, xss cve, CVE-2017-16815, plugin, wordpress
