Select Page

Blog

CarSpot < 2.2.1 – Multiple Vulnerabilities

CarSpot < 2.2.1 – Multiple Vulnerabilities

DescriptionMultiple vulnerabilities was discovered in the «CarSpot – Dealership Wordpress Classified Theme», tested version — v2.2.0: - Authenticated Persistent XSS -> Registration Form/User Profile - Authenticated Persistent XSS -> Ad Post - IDOR leading to...

read more
Real Estate 7 < 2.9.5 – Multiple Vulnerabilities

Real Estate 7 < 2.9.5 – Multiple Vulnerabilities

DescriptionMultiple vulnerabilities was discovered in the «Real Estate 7 WordPress», tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit (WPScanTeam): January...

read more
InfiniteWP Client < 1.9.4.5 – Authentication Bypass

InfiniteWP Client < 1.9.4.5 – Authentication Bypass

Proof of Concept It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwp_mmb_set_request which is located in the init.php file. This checks if the request_params array of the core class is not...

read more
Chained Quiz < 1.1.8.2 – Reflected XSS

Chained Quiz < 1.1.8.2 – Reflected XSS

DescriptionWordPress Plugin Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'total_questions' POST parameter when a user completes a quiz. The code in question accepts the 'total_questions' parameter without escaping the special...

read more
Can Best Practice Replace Design Research?

Can Best Practice Replace Design Research?

Tempting it may be to skip the consultation process, but a ‘first principles’ approach is not going to cut it with the majority of your clients. The principles of design exist for a reason, but knowing when and how to break them is what separates great designers from...

read more