wordpress Archives — Page 2 of 3

WordPress Simple File List 5.4 Shell Upload

November 3, 2020November 3, 2020 Admin

WordPress Simple File List plugin version 5.4 suffers from a remote shell upload vulnerability.

WordPress Hacking With WPScan

October 6, 2020 Admin

Web App Penetration Testing – #7 – WordPress Vulnerability Scanning & Username Enumeration

September 29, 2020 Admin

WordPress Autoptimize 2.7.6 Shell Upload

August 28, 2020August 28, 2020 Admin

WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection

July 24, 2020 Admin

# Exploit Title: WordPress Theme NexosReal Estate 1.7 – ‘search_order’ SQL Injection # Google Dork: inurl:/wp-content/themes/nexos/ # Date: 2020-06-17 # Exploit Author: Vlad Vector # Vendor: Sanljiljan [ https://themeforest.net/user/sanljiljan ] # Software Version: 1.7 # […]

0xWPBF – WordPress Users Enumerate and Brute Force Attack

November 27, 2018September 29, 2020 Admin

0xWPBF is an enumeration and bruteforce attack tool against WordPress Installation: [su_quote] 1) git clone https://github.com/0xAbdullah/0xWPBF.git 2) pip2 install mechanicalsoup 3) pip2 install PrettyTable [/su_quote] Usage: [su_quote] python 0xwpbf.py -s http://example.com [E] Quick scan of […]

WordPress Plugin Export Users to CSV 1.1.1 – CSV Injection

August 16, 2018 Admin

# Exploit Title: WordPress Plugin Export Users to CSV 1.1.1 – CSV Injection # Exploit Author: Javier Olmedo # Website: https://hackpuntes.com # Date: 2018-08-14 # Google Dork: N/A # Vendor: Matt Cromwell # Software Link: […]

WordPress Plugin All In One Favicon Cross Site Scripting

July 19, 2018 Admin

# Exploit Title: WordPress Plugin All In One Favicon <= 4.6 – Authenticated Multiple XSS Persistent # Date: 2018-07-10 # Exploit Author: Javier Olmedo # Website: https://hackpuntes.com/ # Vendor Homepage: http://www.techotronic.de/ # Software Link: https://wordpress.org/plugins/all-in-one-favicon/ […]

WordPress Plugin Job Manager v4.1.0 Stored Cross Site

July 18, 2018July 18, 2018 Admin

# Exploit Title: WordPress Plugin Job Manager v4.1.0 Stored Cross Site Scripting # Google Dork: N/A # Date: 2018-07-15 # Exploit Author: Berk Dusunur & Selimcan Ozdemir # Vendor Homepage: https://wpjobmanager.com # Software Link: https://downloads.wordpress.org/plugin/wp-job-manager.latest-stable.zip […]

WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection

June 27, 2018June 27, 2018 Admin

[su_quote] # Exploit Title: WordPress Plugin Comments Import & Export < 2.0.4 – CSV Injection # Google Dork: N/A # Date: 2018-06-24 # Exploit Author: Bhushan B. Patil # Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ # Affected Version: […]