WPvSCAN detects the WordPress version running on the target website and compares it with the most recent release. After that, it also offers the option of listing all known exploits using the SearchSploit tool by […]
WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.
WordPress Good LMS plugin versions 2.1.4 and below suffer from a remote SQL injection vulnerability.
The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, […]
WordPress Simple File List plugin version 5.4 suffers from a remote shell upload vulnerability.
# Exploit Title: WordPress Theme NexosReal Estate 1.7 – ‘search_order’ SQL Injection # Google Dork: inurl:/wp-content/themes/nexos/ # Date: 2020-06-17 # Exploit Author: Vlad Vector # Vendor: Sanljiljan [ https://themeforest.net/user/sanljiljan ] # Software Version: 1.7 # […]
0xWPBF is an enumeration and bruteforce attack tool against WordPress. Installation: 1) git clone https://github.com/0xAbdullah/0xWPBF.git 2) pip2 install mechanicalsoup 3) pip2 install PrettyTable. Usage: python 0xwpbf.py -s http://example.com [E] Quick scan of […]