Category Archives: Full Disclosure

Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin

Posted by Summer of Pwnage on Feb 28

————————————————————————
Stored Cross-Site Scripting vulnerability in Contact Form WordPress
Plugin
————————————————————————
Julien Rentrop, July 2016

————————————————————————
Abstract
————————————————————————
A stored Cross-Site Scripting vulnerability was…

Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin

Posted by Summer of Pwnage on Feb 28

————————————————————————
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form
Manager WordPress Plugin
————————————————————————
Edwin Molenaar, July 2016

————————————————————————
Abstract
————————————————————————
It was discovered that…

Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin

Posted by Summer of Pwnage on Feb 28

————————————————————————
Stored Cross-Site Scripting vulnerability in User Login Log WordPress
Plugin
————————————————————————
Axel Koolhaas, July 2016

————————————————————————
Abstract
————————————————————————
A stored Cross-Site Scripting vulnerability…

Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery

Posted by Summer of Pwnage on Feb 28

————————————————————————
Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request
Forgery
————————————————————————
Radjnies Bhansingh, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-site Request Forgery vulnerability…

WordPress Adminer plugin allows public (local) database login

Posted by Summer of Pwnage on Feb 28

————————————————————————
WordPress Adminer plugin allows public (local) database login
————————————————————————
David Vaartjes, July 2016

————————————————————————
Abstract
————————————————————————
The Adminer WordPress plugin allows public login to the…

VaultPress – Remote Code Execution via Man in The Middle attack

Posted by Summer of Pwnage on Feb 28

————————————————————————
VaultPress – Remote Code Execution via Man in The Middle attack
————————————————————————
David Vaartjes, July 2016

————————————————————————
Abstract
————————————————————————
A Man in The Middle (MiTM) vulnerability has been…

Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin

Posted by Summer of Pwnage on Feb 28

————————————————————————
Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin
————————————————————————
Antonis Manaras, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in…

Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin

Posted by Summer of Pwnage on Feb 28

————————————————————————
Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin
————————————————————————
Yorick Koster, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…

Cross-Site Scripting in Magic Fields 1 WordPress Plugin

Posted by Summer of Pwnage on Feb 28

————————————————————————
Cross-Site Scripting in Magic Fields 1 WordPress Plugin
————————————————————————
Burak Kelebek, July 2016

————————————————————————
Abstract
————————————————————————
A reflected Cross-Site Scripting vulnerability has been encountered…

Cross-Site Scripting in Atahualpa WordPress Theme

Posted by Summer of Pwnage on Feb 28

————————————————————————
Cross-Site Scripting in Atahualpa WordPress Theme
————————————————————————
Spyros Gasteratos, July 2016

————————————————————————
Abstract
————————————————————————
A number of Cross-Site Scripting vulnerabilities were found in the…