Though the vulnerability I tracked her down last year. Mitre has decided to assign it to me this year 2018. The CVE is based on a Cross-site scripting in the plugin “SagePay Server Gateway for WooCommerce” version 1.0.7. This vulnerability… Continue Reading
Today I will tell you about another Cross-site scripting that I discovered the plugin “WP Mailster” version 18.104.22.168 of the company Brandtoss (https://wpmailster.com/) The security bug is found in the month parameter in the”wp-mailster/view/subscription/unsubscribe2. php” file which, as you can… Continue Reading
A new Cross-site scripting is presented to me in the plugin “Emag Marketplace Connector” version 1.0.1 of the company Zitec (https://zitec.com/).
I keep finding Cross-site scripting in wordpress plugins, I’m going to have to automate it somehow:). In this case in a plugin called “Duplicator Migration” version 1.2.28 (https://es.wordpress.org/plugins/duplicator/) which is active in more than 1 million wordpress and is developed… Continue Reading
Cross-site scripting located in the plugin “2kb Amazon Affiliates Store” version 2.1.0 of wordpress (https://es.wordpress.org/plugins/2kb-amazon-affiliates-store/).