Kacper Szurek

Vulnerabilities

WordPress Esplanade 1.1.4 Theme Reflected XSS

$_GET['tab'] is not escaped.

26-05-2015

1 MIN READ

Vulnerabilities

pluck CMS 4.7.2 Path Traversal

When the word thumb is used at the beginning of $_GET['image'], it's possible to bypass the preg_match() check.

21-05-2015

1 MIN READ

Vulnerabilities

WordPress Pinboard 1.1.10 Theme Reflected XSS

$_GET['tab'] is not escaped.

18-05-2015

1 MIN READ

Vulnerabilities

Shortcodes Ultimate 4.9.3 Reflected XSS

We can read and display any external file using $_REQUEST['code'].

05-05-2015

2 MIN READ

Vulnerabilities

Greg's High Performance SEO 1.6.1 Reflected XSS

$_GET['submenu'] is not escaped.

04-05-2015

1 MIN READ

Vulnerabilities

Shareaholic 7.6.0.3 XSS

`ShareaholicAdmin

07-04-2015

1 MIN READ

Vulnerabilities

LiveZilla 5.3.0.8 XSS

The Name field in chat.php may be used to send XSS that is visible inside the web-based Operator Client.

30-03-2015

1 MIN READ

Vulnerabilities

WP Marketplace 2.4.0 Arbitrary File Download

Anyone can run a user-defined function because of call_user_func().

21-03-2015

1 MIN READ

From 0 to pentesting hero

Cross-Site Websocket Hijacking

Not so long ago, making a website's content appear in real time had to be simulated, for example in JavaScript, by sending a request to the server every few seconds and downloading the latest content.

24-07-2019

4 MIN READ

© 2026 Kacper Szurek