wordpress archivos - SecurityTrooper

0

My first CVE by 2018 CVE-2018-5316

Posted on February 9, 2018 by adm1n

Though the vulnerability I tracked her down last year. Mitre has decided to assign it to me this year 2018. The CVE is based on a Cross-site scripting in the plugin “SagePay Server Gateway for WooCommerce” version 1.0.7. This vulnerability… Continue Reading →

0

Z-URL Preview (XSS) CVE-2017-18012

Posted on December 21, 2017 by adm1n

A few days ago I finally got in touch with the developer of the plugin “Z-URL Preview” where I told him that I had a Cross-site scripting in version 1.6.1. This vulnerability is found in the “url” parameter in the”/wp-content/plugins/z-url-preview/class.… Continue Reading →

0

Wunderbar Basic (XSS)

Posted on December 20, 2017 by adm1n

I continue found XSS into WordPress plugins, in this case the plugin is called “Wunderbar Basic” version 1.1.3. The security bug is found in the “home” parameter in the”wp-content/plugins/wunderbar-basic-wysiwyyg-front-end-editor/wb-adminbar. php” file which, as can be seen in the following capture,… Continue Reading →

0

Pinterest Badge (XSS)

Posted on December 19, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered inside “Pinterest Badge” plugin version 1.8.0. The security fault is found in the “uid” parameter in the”/wp-content/plugins/pinterest-badge/pinterestbadgedetails. php” file which, as can be seen in the following capture,… Continue Reading →

0

WP Mailster (XSS) CVE-2017-17451

Posted on December 18, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered the plugin “WP Mailster” version 1.5.4.0 of the company Brandtoss (https://wpmailster.com/) The security bug is found in the month parameter in the”wp-mailster/view/subscription/unsubscribe2. php” file which, as you can… Continue Reading →

0

Emag Marketplace (XSS) CVE-2017-17043

Posted on December 18, 2017 by adm1n

A new Cross-site scripting is presented to me in the plugin “Emag Marketplace Connector” version 1.0.1 of the company Zitec (https://zitec.com/).

0

Duplicator Migration (XSS) CVE-2017-16815

Posted on December 18, 2017 by adm1n

I keep finding Cross-site scripting in wordpress plugins, I’m going to have to automate it somehow:). In this case in a plugin called “Duplicator Migration” version 1.2.28 (https://es.wordpress.org/plugins/duplicator/) which is active in more than 1 million wordpress and is developed… Continue Reading →

0

2kb Amazon Affiliates Store (XSS) CVE-2017-14622

Posted on December 18, 2017 by adm1n

Cross-site scripting located in the plugin “2kb Amazon Affiliates Store” version 2.1.0 of wordpress (https://es.wordpress.org/plugins/2kb-amazon-affiliates-store/).