SecurityTrooper

Month: December 2017


Z-URL Preview (XSS) CVE-2017-18012

Posted on December 21, 2017 by adm1n

A few days ago I finally got in touch with the developer of the plugin “Z-URL Preview” where I told him that I had a Cross-site scripting in version 1.6.1. This vulnerability is found in the “url” parameter in the “/wp-content/plugins/z-url-preview/class.…

plugin, wordpress, xss CVE-2017-18012, plugin, wordpress, XSS

Wunderbar Basic (XSS)

Posted on December 20, 2017 by adm1n

I continue to find XSS in WordPress plugins; in this case the plugin is called “Wunderbar Basic” version 1.1.3. The security bug is found in the “home” parameter in the “wp-content/plugins/wunderbar-basic-wysiwyyg-front-end-editor/wb-adminbar.php” file which, as can be seen in the following capture,…

plugin, wordpress, xss plugin, wordpress, XSS

Pinterest Badge (XSS)

Posted on December 19, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered inside the “Pinterest Badge” plugin version 1.8.0. The security fault is found in the “uid” parameter in the “/wp-content/plugins/pinterest-badge/pinterestbadgedetails.php” file which, as can be seen in the following capture,…

plugin, wordpress, xss wordpress, XSS

Send the latest CVEs to your Telegram

Posted on December 18, 2017 by adm1n

In this article I will explain how to create a bot that allows you to be informed of the latest CVEs that are being published at the moment. The first thing we have to do is to install our Telegram…

BotFather, Python, Telegram api, BotFather, python, telegram

WP Mailster (XSS) CVE-2017-17451

Posted on December 18, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered in the plugin “WP Mailster” version 1.5.4.0 of the company Brandtoss (https://wpmailster.com/). The security bug is found in the month parameter in the “wp-mailster/view/subscription/unsubscribe2.php” file which, as you can…

cve, plugin, wordpress, xss CVE-2017-17451, plugin, wordpress, XSS

Emag Marketplace (XSS) CVE-2017-17043

Posted on December 18, 2017 by adm1n

A new Cross-site scripting is presented to me in the plugin “Emag Marketplace Connector” version 1.0.1 of the company Zitec (https://zitec.com/).

cve, plugin, wordpress, xss CVE-2017-17043, plugin, wordpress, XSS

Duplicator Migration (XSS) CVE-2017-16815

Posted on December 18, 2017 by adm1n

I keep finding Cross-site scripting in WordPress plugins; I’m going to have to automate it somehow :). In this case in a plugin called “Duplicator Migration” version 1.2.28 (https://es.wordpress.org/plugins/duplicator/) which is active in more than 1 million WordPress sites and is developed…

cve, plugin, wordpress, xss cve, CVE-2017-16815, plugin, wordpress

2kb Amazon Affiliates Store (XSS) CVE-2017-14622

Posted on December 18, 2017 by adm1n

Cross-site scripting located in the plugin “2kb Amazon Affiliates Store” version 2.1.0 for WordPress (https://es.wordpress.org/plugins/2kb-amazon-affiliates-store/).

cve, plugin, wordpress, xss CVE-2017-14622, plugin, wordpress, XSS

My first Cross-site scripting CVE-2017-9085

Posted on December 18, 2017 by adm1n

By performing a legal web audit (white box) of a client, I found myself in front of a Kodak InSite portal version 8.0.

Uncategorized