Kacper Szurek

Vulnerabilities

Formidable Forms 1.07.11 Blind SQL Injection

`FrmFormsController`

26-01-2016

2 MIN READ

Vulnerabilities

Prevent WPScan from scanning

Prevent username enumeration

04-01-2016

5 MIN READ

Vulnerabilities

Simple Ads Manager 2.9.4.116 SQL Injection

$whereClause and $whereClauseT and $whereClauseW and $whereClause2W are not escaped.

30-12-2015

3 MIN READ

Vulnerabilities

Admin Management Xtended 2.4.0 Privilege escalation

Inside almost all wp_ajax functions there is no privilege check.

14-12-2015

1 MIN READ

Vulnerabilities

Breezing Forms 1.2.7.30 SQL Injection

Every registered user can access plugin admin interface.

02-12-2015

1 MIN READ

Vulnerabilities

WP Fastest Cache 0.8.4.8 Blind SQL Injection

$_POST['poll_id'] is not escaped properly.

11-11-2015

2 MIN READ

Vulnerabilities

OpenDocMan 1.2.9 XSS

By default it is possible to upload .html files, so XSS can be placed there.

27-10-2015

1 MIN READ

Vulnerabilities

Favicon by RealFaviconGenerator 1.2.12 XSS

Nonce token is not checked inside install_new_favicon() function.

26-10-2015

1 MIN READ

From 0 to pentesting hero

CSV Injection

It may be found on any website that allows exporting data to CSV format. But how can a text format be used for an attack?

27-03-2019

2 MIN READ

© 2026 Kacper Szurek