Blog

Episode 481 | A Bluetick Update from Mike #Taber

In this episode of Startups For The Rest Of Us, Rob checks in with Mike Taber’s progress with Bluetick. They talk about his big new customer, traction on the podcast tour, Mike’s outreach to his LinkedIn...

CarSpot < 2.2.1 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «CarSpot – Dealership Wordpress Classified Theme», tested version — v2.2.0:
- Authenticated Persistent XSS -> Registration Form/User Profile
- Authenticated Persistent XSS -> Ad Post
- IDOR leading to...

Real Estate 7 < 2.9.5 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «Real Estate 7 WordPress», tested version — v2.9.4:
- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- Authenticated Persistent Self-XSS
- IDOR
- Information Exposure

Edit (WPScanTeam): January...

InfiniteWP Client < 1.9.4.5 – Authentication Bypass

Proof of Concept: It is possible to log in as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwp_mmb_set_request, which is located in the init.php file. This checks if the request_params array of the core class is not...

Chained Quiz < 1.1.8.2 – Reflected XSS

Description: The WordPress plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'total_questions' POST parameter when a user completes a quiz. The code in question accepts the 'total_questions' parameter without escaping the special...
