Blog

Real Estate 7 < 2.9.5 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «Real Estate 7 WordPress», tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit (WPScanTeam): January...

InfiniteWP Client < 1.9.4.5 – Authentication Bypass

Proof of Concept: It is possible to log in as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwp_mmb_set_request, which is located in the init.php file. This checks if the request_params array of the core class is not...

Chained Quiz < 1.1.8.2 – Reflected XSS

Description: WordPress Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'total_questions' POST parameter when a user completes a quiz. The code in question accepts the 'total_questions' parameter without escaping the special...

Can Best Practice Replace Design Research?

Tempting it may be to skip the consultation process, but a ‘first principles’ approach is not going to cut it with the majority of your clients. The principles of design exist for a reason, but knowing when and how to break them is what separates great designers from...

No Such Thing as a Free Lunch

It's Episode 443 and I've got plugins for Speed, Free SSL Certs, Shopping Carts, Managing your Files and ClassicPress Options. It's all coming up on WordPress...

ListingPro < 2.5.4 – Unauthenticated Reflected XSS

Description: Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version — v2.5.3. Edit - WPScanTeam: January 13th, 2020 - Report Received & Envato Contacted January 13th, 2020 - Envato Investigating January 15th, 2020 - Theme...