Nov 8, 2019 | WordPress Vulnerabilities
Video POC (for <= 1.9.4): https://drive.google.com/open?id=19-sin0HB97L0tPMUAaGjgE5KjP4lXSuw
Create an SVG with the payload below to trigger XSS:
```
<?xml version="1.0" standalone="no"?> <svg viewBox="0 0 100 100"...
```
Nov 14, 2019 | WordPress Vulnerabilities
Publicly Published 2019-11-14 (about 23 hours ago) Added 2019-11-14 (about 15 hours ago) Last Updated 2019-11-14 (about 15 hours ago)
Nov 13, 2019 | WordPress Vulnerabilities
– Unauthenticated Export, leading to disclosure of subscribers' data
– Insecure Permissions on Dashboard and Settings
– CSRF on Settings
– Send Test Emails from the Administrative Dashboard as an Authenticated User (with a role of Subscriber and...
Nov 10, 2019 | WordPress Vulnerabilities
All issues can be triggered by unauthenticated users:
– Arbitrary File Deletion
– HTML injection & CSRF in email messages
– Stored Cross-Site Scripting
– Disclosure of subscribers’ email address
– Arbitrary subscriber deletion...
Oct 31, 2019 | WordPress Vulnerabilities
fixed in version 2.2.14 fixed in version 2.3.15 fixed in version 1.3.15 fixed in version 1.3.12 fixed in version 1.7.1 fixed in version 1.3.21 fixed in version 1.3.7 fixed in version 1.4.9 fixed in version 1.3.6 fixed in version 1.2.11 fixed in version 1.2.13 fixed in...