Skip to content
Spider Sec Ltd
Toggle menu
  • Home
  • About
  • Services
    • Web Application Penetration Testing UK
    • External Network Penetration Testing
    • Vulnerability Scanning
  • Blog
  • Contact

Category: Vulnerability Discovery

August 27, 2025September 18, 2025Blog, Vulnerability Discovery

CSRF to XSS Vulnerability In WordPress Plugin with 50,000 Installs

CSRF to XSS Vulnerability In WordPress Plugin with 50,000 Installs When auditing a WordPress site recently, I found a vulnerability in a […]

February 3, 2020August 23, 2025Blog, Vulnerability Discovery

Multiple Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )

Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )   Background A consultant at Spider Sec Ltd identified a critical vulnerability […]

January 30, 2020August 23, 2025Blog, Vulnerability Discovery

Registration Magic Multiple Unauthenticated XSS Vulnerabilities (Version 4.6.0.0)

Registration Magic Version 4.6.0.0 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test […]

January 29, 2020August 17, 2025Vulnerability Discovery

Registration Magic Authenticated Blind SQL Injection inside URL (Version 4.6.0.0)

Registration Magic Version 4.6.0.0 Authenticated Blind SQL Injection in URL   Background If you still haven’t read the preface to this discovery […]

January 21, 2020August 23, 2025Blog, Vulnerability Discovery

Calculated Fields Form WP Plugin (Version <= 1.0.353) Authenticated Stored XSS

Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress […]

January 16, 2020August 23, 2025Blog, Vulnerability Discovery

Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1)

Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 1.1.8.1) Background During a web application penetration testing engagement, we discovered our client was […]

Spider Security Ltd

Spider Sec Limited is a company registered in England and Wales with company number 12181699.

Contact Info.

20-22 Wenlock Road London N1 7GU United Kingdom
Contact@spider-security.co.uk
© 2025 Spider Sec Ltd. Proudly powered by Sydney