SecurityTrooper
SecurityTrooper
Menu Close
  • Home
  • Contact

wordpress

0

My first CVE by 2018 CVE-2018-5316

Posted on February 9, 2018 by adm1n

Though the vulnerability I tracked her down last year. Mitre has decided to assign it to me this year 2018. The CVE is based on a Cross-site scripting in the plugin “SagePay Server Gateway for WooCommerce” version 1.0.7. This vulnerability… Continue Reading →

cve, wordpress, xss cve, CVE-2018-5316, wordpress, XSS
0

Z-URL Preview (XSS) CVE-2017-18012

Posted on December 21, 2017 by adm1n

A few days ago I finally got in touch with the developer of the plugin “Z-URL Preview” where I told him that I had a Cross-site scripting in version 1.6.1. This vulnerability is found in the “url” parameter in the”/wp-content/plugins/z-url-preview/class.… Continue Reading →

plugin, wordpress, xss CVE-2017-18012, plugin, wordpress, XSS
0

Wunderbar Basic (XSS)

Posted on December 20, 2017 by adm1n

I continue found XSS into WordPress plugins, in this case the plugin is called “Wunderbar Basic” version 1.1.3. The security bug is found in the “home” parameter in the”wp-content/plugins/wunderbar-basic-wysiwyyg-front-end-editor/wb-adminbar. php” file which, as can be seen in the following capture,… Continue Reading →

plugin, wordpress, xss plugin, wordpress, XSS
0

Pinterest Badge (XSS)

Posted on December 19, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered inside “Pinterest Badge” plugin version 1.8.0. The security fault is found in the “uid” parameter in the”/wp-content/plugins/pinterest-badge/pinterestbadgedetails. php” file which, as can be seen in the following capture,… Continue Reading →

plugin, wordpress, xss wordpress, XSS
0

WP Mailster (XSS) CVE-2017-17451

Posted on December 18, 2017 by adm1n

Today I will tell you about another Cross-site scripting that I discovered the plugin “WP Mailster” version 1.5.4.0 of the company Brandtoss (https://wpmailster.com/) The security bug is found in the month parameter in the”wp-mailster/view/subscription/unsubscribe2. php” file which, as you can… Continue Reading →

cve, plugin, wordpress, xss CVE-2017-17451, plugin, wordpress, XSS
0

Emag Marketplace (XSS) CVE-2017-17043

Posted on December 18, 2017 by adm1n

A new Cross-site scripting is presented to me in the plugin “Emag Marketplace Connector” version 1.0.1 of the company Zitec (https://zitec.com/).

cve, plugin, wordpress, xss CVE-2017-17043, plugin, wordpress, XSS
0

Duplicator Migration (XSS) CVE-2017-16815

Posted on December 18, 2017 by adm1n

I keep finding Cross-site scripting in wordpress plugins, I’m going to have to automate it somehow:). In this case in a plugin called “Duplicator Migration” version 1.2.28 (https://es.wordpress.org/plugins/duplicator/) which is active in more than 1 million wordpress and is developed… Continue Reading →

cve, plugin, wordpress, xss cve, CVE-2017-16815, plugin, wordpress
0

2kb Amazon Affiliates Store (XSS) CVE-2017-14622

Posted on December 18, 2017 by adm1n

Cross-site scripting located in the plugin “2kb Amazon Affiliates Store” version 2.1.0 of wordpress (https://es.wordpress.org/plugins/2kb-amazon-affiliates-store/).

cve, plugin, wordpress, xss CVE-2017-14622, plugin, wordpress, XSS
  • EspaƱol
  • English
Vulnerabilities repository in Packet Storm

Recent Posts

  • Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”(Bugbounty)
  • Smush Image 2.7.4.1 Directory Traversal CVE-2017-15079
  • My first CVE by 2018 CVE-2018-5316
  • Z-URL Preview (XSS) CVE-2017-18012
  • Wunderbar Basic (XSS)

Recent Comments

    Categories

    • BotFather
    • cve
    • directory transversal
    • plugin
    • Python
    • Telegram
    • Uncategorized
    • wordpress
    • xss
    © 2025 SecurityTrooper. All rights reserved.
    Hiero by aThemes