Kacper Szurek

Vulnerabilities

Tiny Tiny RSS Blind SQL Injection

$item_id inside process_category_order() is not properly escaped, and is then used in an UPDATE statement.

15-02-2016

2 MIN READ

Vulnerabilities

Huge It Image Gallery 1.7.0 Reflected XSS

$_POST['thumbtext'] and $_POST['linkbutton'] are not escaped inside huge_it_video_gallery_ajax().

08-02-2016

1 MIN READ

Vulnerabilities

Profile Builder 2.2.4 Reflected XSS

$_GET['loginerror'] is not escaped.

02-02-2016

1 MIN READ

Vulnerabilities

Formidable Forms 1.07.11 Blind SQL Injection

`FrmFormsController

26-01-2016

2 MIN READ

Vulnerabilities

Prevent WPScan from scanning

Prevent username enumeration

04-01-2016

5 MIN READ

Vulnerabilities

Simple Ads Manager 2.9.4.116 SQL Injection

$whereClause, $whereClauseT, $whereClauseW and $whereClause2W are not escaped.

30-12-2015

3 MIN READ

Vulnerabilities

Admin Management Xtended 2.4.0 Privilege escalation

Inside almost all wp_ajax functions there is no privilege check.

14-12-2015

1 MIN READ

Vulnerabilities

Breezing Forms 1.2.7.30 SQL Injection

Every registered user can access plugin admin interface.

02-12-2015

1 MIN READ

From 0 to pentesting hero

CSV Injection

It may be found on any website that allows exporting data to CSV format. But how can a plain text format be used for an attack?

27-03-2019

2 MIN READ

© 2026 Kacper Szurek