Kacper Szurek

Vulnerabilities

Cart66 Lite WordPress Ecommerce 1.5.1.17 Blind SQL Injection

Cart66Ajax

01-12-2014

1 MIN READ

Vulnerabilities

WP Symposium 14.10 Multiple XSS and SQL Injection

$_POST['text'] is not escaped.

26-11-2014

2 MIN READ

Vulnerabilities

Nextend Facebook Connect 1.4.59 XSS

Anyone can change plugin settings.

24-11-2014

1 MIN READ

Vulnerabilities

Contact Form to Email 1.01 XSS

Data are not escaped correctly.

22-11-2014

1 MIN READ

Vulnerabilities

Fancy Gallery 1.5.12 Reflected XSS

$_GET['delete'] is not escaped.

20-11-2014

1 MIN READ

Vulnerabilities

XCloner Backup and Restore 3.1.1 Backup Download

json_return() function doesn't check admin privileges.

19-11-2014

1 MIN READ

Vulnerabilities

Paid Memberships Pro 1.7.14.2 Path Traversal

The is_admin() function is used to check privileges, but because this code runs in the context of wp-admin/admin-ajax.php, that function always evaluates to true. is_admin() only reports whether the admin interface is handling the request, not whether the current user is an administrator.

17-11-2014

1 MIN READ
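The is_admin() pitfall in the Paid Memberships Pro entry and the missing privilege check in the XCloner entry are the same class of mistake: a privileged action that never verifies the capability of the calling user. The WordPress PHP below is an added illustration, not code from either plugin; the `example_` prefix, the action names, the nonce name and the file location are assumptions.

```php
<?php
// Added illustration, not code from Paid Memberships Pro or XCloner.
// The example_ prefix, action names, nonce name and file location are assumptions.

// VULNERABLE pattern: is_admin() only reports whether the admin interface
// (which includes wp-admin/admin-ajax.php) is handling the request, so any
// visitor who reaches admin-ajax.php passes this check.
function example_vulnerable_handler() {
    if ( ! is_admin() ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // No nonce, no capability check, and the file name is used as supplied,
    // so "../" sequences reach the filesystem call.
    $file = $_GET['file'] ?? '';
    $path = wp_upload_dir()['basedir'] . '/example/' . $file;
    wp_send_json_success( array( 'size' => @filesize( $path ) ) );
}
add_action( 'wp_ajax_example_download_vuln', 'example_vulnerable_handler' );
// The nopriv hook makes the handler reachable without logging in at all.
add_action( 'wp_ajax_nopriv_example_download_vuln', 'example_vulnerable_handler' );

// HARDENED pattern: check the capability of the current user, verify a nonce
// tied to this action, strip directory components, and confine the resolved
// path to the intended base directory. No nopriv hook is registered.
function example_hardened_handler() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_download', 'nonce' );

    $file = basename( sanitize_file_name( wp_unslash( $_GET['file'] ?? '' ) ) );
    $base = realpath( trailingslashit( wp_upload_dir()['basedir'] ) . 'example' );
    $path = ( false === $base ) ? false : realpath( $base . DIRECTORY_SEPARATOR . $file );

    // realpath() collapses any remaining traversal; reject anything that
    // does not resolve to a file inside $base.
    if ( false === $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }
    wp_send_json_success( array( 'size' => filesize( $path ) ) );
}
add_action( 'wp_ajax_example_download', 'example_hardened_handler' );
```

The capability check is the control that is actually missing in both entries; the nonce guards against CSRF from a logged-in administrator's browser, and the realpath() prefix check is what closes the traversal once the handler is restricted to the right users.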

Vulnerabilities

Watu 2.4.9 XSS

Data from Open End questions are not escaped properly.

16-11-2014

1 MIN READ

From 0 to pentesting hero

Reflected File Download

Can you expand the potential attack vector for a larger number of applications?

03-04-2019

3 MIN READ

© 2026 Kacper Szurek