Browsing the "wordpress" Tag




WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass ≈ Packet Storm

August 22nd, 2020 📆 | 2789 Views ⚑

Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number:

Tagged with:




WordPress Change Login Logo 1.0.1 Persistent Cross Site Scripting ≈ Packet Storm

August 19th, 2020 📆 | 5377 Views ⚑

# Exploit Title: WordPress Change Login Logo Plugin v1.0.1 – Persistent Cross-Site Scripting# Date: 2020-08-18# Vendor Homepage: http://www.boopathirajan.com/# Vendor Changelog:

Tagged with:




WordPress Click To Top 1.2.7 Persistent Cross Site Scripting ≈ Packet Storm

August 19th, 2020 📆 | 7373 Views ⚑

# Exploit Title: WordPress Click to top Plugin v1.2.7 – Persistent Cross-Site Scripting# Date: 2020-08-18# Vendor Homepage: http://wpthemespace.com/# Vendor Changelog:

Tagged with:




WordPress Elegant Testimonial 1.1.6 Persistent Cross Site Scripting ≈ Packet Storm

August 19th, 2020 📆 | 3890 Views ⚑

# Exploit Title: WordPress Elegant Testimonial Plugin v1.1.6 – Persistent Cross-Site Scripting# Date: 2020-08-18# Vendor Homepage: https://noorsplugin.com/# Vendor Changelog: https://wordpress.org/plugins/wp-elegant-testimonial/#developers#

Tagged with:




WordPress Easy Media Download 1.1.4 Cross Site Scripting ≈ Packet Storm

August 18th, 2020 📆 | 3490 Views ⚑

# Exploit Title: WordPress Easy Media Download v1.1.4 – Persistent Cross-Site Scripting# Date: 2020-08-14# Vendor Homepage: https://noorsplugin.com/# Vendor Changelog: https://wordpress.org/plugins/easy-media-download/#developers#

Tagged with:




WordPress NextGen Gallery Sell Photo 1.0.5 Cross Site Scripting ≈ Packet Storm

August 18th, 2020 📆 | 5669 Views ⚑

# Exploit Title: WordPress Plugin NextGen Gallery Sell Photo 1.0.5 – Persistent Cross-Site Scripting# Date: 2020-08-14# Vendor Homepage: https://noorsplugin.com/# Vendor

Tagged with:




WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting ≈ Packet Storm

August 18th, 2020 📆 | 3629 Views ⚑

# Exploit Title: WordPress Responsive Lightbox2 Plugin v1.0.2 – Persistent Cross-Site Scripting# Date: 2020-08-14# Vendor Homepage: https://noorsplugin.com/# Vendor Changelog: https://wordpress.org/plugins/responsive-lightbox2/#developers#

Tagged with:




WordPress Colorbox Lightbox 1.1.2 Cross Site Scripting ≈ Packet Storm

August 18th, 2020 📆 | 6432 Views ⚑

# Exploit Title: WordPress Colorbox Lightbox Plugin v1.1.2 – Persistent Cross-Site Scripting# Date: 2020-08-14# Vendor Homepage: https://noorsplugin.com/# Vendor Changelog:https://wordpress.org/plugins/wp-colorbox/ /#developers#

Tagged with:




WordPress Fancybox Lightbox 1.0.1 Cross Site Scripting ≈ Packet Storm

August 18th, 2020 📆 | 3241 Views ⚑

# Exploit Title: WordPress Fancybox Lightbox Plugin v1.0.1 – Persistent Cross-Site Scripting# Date: 2020-08-14# Vendor Homepage: https://noorsplugin.com/# Vendor Changelog: https://wordpress.org/plugins/wp-fancybox/#developers#

Tagged with:




WordPress Sell Photo 1.0.5 Cross Site Scripting ≈ Packet Storm

August 15th, 2020 📆 | 3619 Views ⚑

# Exploit Title: Sell Photo WordPress Plugin v1.0.5 – Persistent Cross-Site Scripting# Date: 2020-08-14# Vendor Homepage: https://noorsplugin.com/# Vendor Changelog: https://wordpress.org/plugins/sell-photo/#developers#

Tagged with:




WordPress Email Subscribers And Newsletters 4.2.2 SQL Injection ≈ Packet Storm

July 30th, 2020 📆 | 7246 Views ⚑

# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 – ‘hash’ SQL Injection (Unauthenticated)# Google Dork: “Stable tag” inurl:wp-content/plugins/email-subscribers/readme.txt#

Tagged with:




WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting ≈ Packet Storm

July 30th, 2020 📆 | 2049 Views ⚑

# Exploit Title: WordPress Plugin Maintenance Mode by SeedProd 5.1.1 – Persistent Cross-Site Scripting# Date: 2020-06-22# Vendor Homepage: https://www.seedprod.com/# Vendor

Tagged with:




WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection ≈ Packet Storm

July 23rd, 2020 📆 | 1876 Views ⚑

*]# Exploit Title: WordPress Theme NexosReal Estate 1.7 – ‘search_order’ SQL Injection*]# Google Dork: inurl:/wp-content/themes/nexos/*]# Date: 2020-06-17*]# Exploit Author: Vlad

Tagged with: