January, 2020 - Spider Sec Ltd

January 30, 2020September 9, 2024Vulnerability Discovery

Registration Magic Multiple Unauthenticated XSS Vulnerabilities (Version 4.6.0.0)

Registration Magic Version 4.6.0.0 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test […]

January 29, 2020September 9, 2024Vulnerability Discovery

Registration Magic Authenticated Blind SQL Injection inside URL
(Version 4.6.0.0)

Registration Magic Version 4.6.0.0 Authenticated Blind SQL Injection in URL Background If you still haven’t read the preface to this discovery […]

January 21, 2020May 1, 2020Vulnerability Discovery

Calculated Fields Form WP Plugin (Version <= 1.0.353) Authenticated Stored XSS

Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress […]

January 16, 2020May 1, 2020Vulnerability Discovery

Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1)

Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1) Background During a web application penetration testing engagement, we discovered our client was […]