Kacper Szurek

Vulnerabilities

WP Photo Album Plus 5.4.17 Reflected XSS

$_GET['walbum'] is not escaped.

06-11-2014

1 MIN READ

Vulnerabilities

WordPress Smart Forms 2.1.0 XSS

_rednao_smart_forms_save_formvalues function is accessible to everyone through admin-ajax.php

06-11-2014

2 MIN READ

Vulnerabilities

Ninja Forms 2.8.6 Reflected XSS

$_REQUEST['update_message'] is not escaped.

06-11-2014

1 MIN READ

Vulnerabilities

WP Contact Bank Standard Edition 2.0.69 XSS

Data from checkboxes is neither escaped nor validated when added to the database.

05-11-2014

1 MIN READ

Vulnerabilities

All-in-One WP Migration 2.0.2 Remote Code Execution

Ai1wm_Import_Controller

05-11-2014

1 MIN READ

From 0 to pentesting hero

XSS using SVG file

File upload functionality is a key place where we should pay special attention. If the attacker successfully sends and executes a malicious file, the whole server may be taken over.

12-03-2019

3 MIN READ

© 2026 Kacper Szurek