Vulnerabilities
DukaPress 2.5.2 Path Traversal
REQUEST['src'] is passed directly into file_get_contents function.
13-11-2014
1 MIN READ
Vulnerabilities
Google Doc Embedder 2.5.14 SQL Injection
$_GET['gpid'] is not escaped.
11-11-2014
1 MIN READ
Vulnerabilities
Contact Form Maker 1.7.18 XSS
_form_makercfm() is accessible for every registered user.
09-11-2014
1 MIN READ
Vulnerabilities
Link Library 5.8.10.6 Reflected XSS
$_GET['searchll'] is not escaped.
08-11-2014
1 MIN READ
Vulnerabilities
WP Photo Album Plus 5.4.17 Reflected XSS
$_GET['walbum'] is not escaped.
06-11-2014
1 MIN READ
Vulnerabilities
WordPress Smart Forms 2.1.0 XSS
_rednao_smart_forms_save_formvalues function is accessible for everyone through admin-ajax.php
06-11-2014
2 MIN READ
Vulnerabilities
Ninja Forms 2.8.6 Reflected XSS
$_REQUEST['update_message'] is not escaped.
06-11-2014
1 MIN READ
Vulnerabilities
WP Contact Bank Standard Edition 2.0.69 XSS
Datas from checkboxes are not escaped and validated when added to database.
05-11-2014
1 MIN READ
From 0 to pentesting hero
Clickjacking
How to convince the user to delete his account on the website without his consent?
17-04-2019
3 MIN READ