Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 ) Background A Spider Sec Ltd consultant discovered an Authenticated Stored XSS vulnerability inside the Ninja forms WordPress Plugin which could allow attackers to hi-jack administrative cookies if an attack is coupled together with a phishing campaign. Technical Details The following parameters are vulnerable […]
Registration Magic Version 4.6.0.0 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test (which were authenticated and difficult to weaponise) I decided to go in search for some higher ticket WordPress Plugin vulnerabilities in my spare time. I started downloading registration form and forum building plugins, […]
Registration Magic Version 4.6.0.0 Authenticated Blind SQL Injection in URL Background If you still haven’t read the preface to this discovery please take a look here. Technical Details Authenticated SQL Injection in Form_id field The form_id field takes input from a number of in the front end and processes it on […]
Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These Calculated Fields Form vulnerabilities were discovered during a web application penetration test by a Spider Sec Ltd Consultant. Technical Details​ An […]
Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1) Background During a web application penetration testing engagement, we discovered our client was using the Chained Quiz Plugin to serve quizzes on the front-end of their site. A quick analysis using WPscan uncovered several historic Chained Quiz Vulnerabilities which had been disclosed in previous versions. As […]