Blog
CarSpot < 2.2.1 – Multiple Vulnerabilities
DescriptionMultiple vulnerabilities was discovered in the «CarSpot – Dealership Wordpress Classified Theme», tested version — v2.2.0: - Authenticated Persistent XSS -> Registration Form/User Profile - Authenticated Persistent XSS -> Ad Post - IDOR leading to...
Popular Design News of the Week: January 20, 2020 – January 26, 2020
Every week users submit a lot of interesting stuff on our sister site Webdesigner News, highlighting great content from around the web that can be of interest to web designers. The best way to keep track of all the great stories and news being posted is simply...
All-in-One WP Migration Google Drive Extension, Plugins Garbage Collector, Advanced Database Cleaner, and ClassicPress options in Episode 421
Podcast: Play in new window | Download | EmbedSubscribe: Apple Podcasts | Android | Google Podcasts | RSSIt's Episode 421 and I've got plugins for Migrating WordPress, Garbage Collection, Database Cleaning, and ClassicPress Options. It's all coming up on WordPress...
Batch-Move Posts <= 1.5 – Broken Authentication leading to Unauthenticated Stored XSS
Proof of Concept Vulnerable code is from like 68 to 84. The code gets the value of option `bm_row_amount` from database and matches it with the GET request `row_amount`. If they do not match then it updates the option `bm_row_amount` with the provided GET value. If...
Popular Design News of the Week: January 13, 2020 – January 19, 2020
Every week users submit a lot of interesting stuff on our sister site Webdesigner News, highlighting great content from around the web that can be of interest to web designers. The best way to keep track of all the great stories and news being posted is simply...
Real Estate 7 < 2.9.5 – Multiple Vulnerabilities
DescriptionMultiple vulnerabilities was discovered in the «Real Estate 7 WordPress», tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit (WPScanTeam): January...
Marketo Forms and Tracking <= 1.0.2 – CSRF to XSS
<html> <form action="https://[WP]/wp-admin/admin.php?page=marketo_fat" method="POST" id="csrf"> <input type="text" name="marketo_save" value="true"> <input type="text" name="marketo[marketo_id]"...
InfiniteWP Client < 1.9.4.5 – Authentication Bypass
Proof of Concept It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwp_mmb_set_request which is located in the init.php file. This checks if the request_params array of the core class is not...
Chained Quiz < 1.1.8.2 – Reflected XSS
DescriptionWordPress Plugin Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'total_questions' POST parameter when a user completes a quiz. The code in question accepts the 'total_questions' parameter without escaping the special...
Can Best Practice Replace Design Research?
Tempting it may be to skip the consultation process, but a ‘first principles’ approach is not going to cut it with the majority of your clients. The principles of design exist for a reason, but knowing when and how to break them is what separates great designers from...