The Latest Infosec News, Tools, and Exploits – Got Root?
The WordPress plugin User Meta 2.4.3 and below is vulnerable to path traversal exploitation. Both the lite and pro version are exploitable and the solution is to update to version 2.4.4.
The WordPress plugin wpDiscuz version 7.0.4 suffers an arbitrary file upload vulnerability that does not require authentication.
The WordPress CMS version 5.0.0 suffers from a Image Remote Code Execution vulnerability via access with at least an Author account.
The WordPress plugin Stripe Payments 2.0.39 suffers from a Stored Cross Site Scripting vulnerability(XSS). Currently their is not an updated version.
The WordPress plugin WP-Paginate 2.1.3 suffers from a Stored Cross Site Scripting vulnerability(XSS). Currently their is not an updated version.
Currently WordPress Core Version 5.2.2 suffers from cross site scripting vulnerability located within “post previews”. Flaw is fixed by upgrading to WordPress version
WPvSCAN scans the version of CMS WordPress on the target website and compares it with the most recent version. After that, it also offers the option of listing all know exploits using SearchSploit tool by […]
WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.
WordPress Good LMS plugin versions 2.1.4 and below suffer from a remote SQL injection vulnerability.
The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, […]
