I’ll talk about a Directory Traversa that I found in a well-known plugin but I have to say that it’s a bit limited because it only lists folders. Here’s a video where I made a POC I’m sorry I didn’t… Continue Reading
Though the vulnerability I tracked her down last year. Mitre has decided to assign it to me this year 2018. The CVE is based on a Cross-site scripting in the plugin “SagePay Server Gateway for WooCommerce” version 1.0.7. This vulnerability… Continue Reading
A few days ago I finally got in touch with the developer of the plugin “Z-URL Preview” where I told him that I had a Cross-site scripting in version 1.6.1. This vulnerability is found in the “url” parameter in the”/wp-content/plugins/z-url-preview/class.… Continue Reading
I continue found XSS into WordPress plugins, in this case the plugin is called “Wunderbar Basic” version 1.1.3. The security bug is found in the “home” parameter in the”wp-content/plugins/wunderbar-basic-wysiwyyg-front-end-editor/wb-adminbar. php” file which, as can be seen in the following capture,… Continue Reading
Today I will tell you about another Cross-site scripting that I discovered inside “Pinterest Badge” plugin version 1.8.0. The security fault is found in the “uid” parameter in the”/wp-content/plugins/pinterest-badge/pinterestbadgedetails. php” file which, as can be seen in the following capture,… Continue Reading
Today I will tell you about another Cross-site scripting that I discovered the plugin “WP Mailster” version 126.96.36.199 of the company Brandtoss (https://wpmailster.com/) The security bug is found in the month parameter in the”wp-mailster/view/subscription/unsubscribe2. php” file which, as you can… Continue Reading
A new Cross-site scripting is presented to me in the plugin “Emag Marketplace Connector” version 1.0.1 of the company Zitec (https://zitec.com/).
I keep finding Cross-site scripting in wordpress plugins, I’m going to have to automate it somehow:). In this case in a plugin called “Duplicator Migration” version 1.2.28 (https://es.wordpress.org/plugins/duplicator/) which is active in more than 1 million wordpress and is developed… Continue Reading
Cross-site scripting located in the plugin “2kb Amazon Affiliates Store” version 2.1.0 of wordpress (https://es.wordpress.org/plugins/2kb-amazon-affiliates-store/).