CSRF to XSS Vulnerability In WordPress Plugin with 50,000 Installs
CSRF to XSS Vulnerability In WordPress Plugin with 50,000 Installs When auditing a WordPress site recently, I found a vulnerability in a […]
Category: Vulnerability Discovery
Multiple Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )
Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 ) Background A consultant at Spider Sec Ltd identified a critical vulnerability […]
Registration Magic Multiple Unauthenticated XSS Vulnerabilities (Version 4.6.0.0)
Registration Magic Version 4.6.0.0 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test […]
Registration Magic Authenticated Blind SQL Injection inside URL (Version 4.6.0.0)
Registration Magic Version 4.6.0.0 Authenticated Blind SQL Injection in URL Background If you still haven’t read the preface to this discovery […]
Calculated Fields Form WP Plugin (Version <= 1.0.353) Authenticated Stored XSS
Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress […]
Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1)
Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1) Background During a web application penetration testing engagement, we discovered our client was […]