Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover.
Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws are a privilege-escalation vulnerability and a stored XSS bug that impact over 40,000 installs.
The
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
###

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HTTP::Wordpress
  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
      'Name' => '
Publish At: 2021-01-06 12:21 | Read: 199 | Comments: 0 | Tags: wordpress
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HTTP::Wordpress
  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
Publish At: 2021-01-03 14:09 | Read: 221 | Comments: 0 | Tags: wordpress
# Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/angwp
# Date: 23/12/2020
# Exploit Author: bilal
# Tested on: Linux parrot amd64
import os.path
from os import path
import json
import requests
import sys

def print_banner():
    print("Adning Advertising < 1.5.6 - Arbitrary File Upload"
Publish At: 2020-12-28 16:35 | Read: 249 | Comments: 0 | Tags: wordpress
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
###

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HTTP::Wordpress
  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
      'Name' => '
Publish At: 2020-12-23 16:51 | Read: 252 | Comments: 0 | Tags: wordpress
class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HTTP::Wordpress
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'WordPress PHP Object Injection in Yet Another Stars Ratin
Publish At: 2020-12-20 14:45 | Read: 364 | Comments: 0 | Tags: wordpress
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HTTP::Wordpress
  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
Publish At: 2020-12-18 12:03 | Read: 215 | Comments: 0 | Tags: wordpress
The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability.
Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress plugin. The WordPress plugin allows users to add multiple contact forms on their site.
The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.
Unrestricted file upload
This week, Contact Form 7 project has disclo
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites.
Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts.
The SMTP WordPress plugin is installed on more than 500,000 sites,
Title: Reflected XSS
Product: WordPress DirectoriesPro Plugin by SabaiApps
Vendor Homepage: https://directoriespro.com/
Vulnerable Version: 1.3.45
Fixed Version: 1.3.46
CVE Number: CVE-2020-29303
Author: Jack Misiura from The Missing Link
Website: https://www.themissinglink.com.au
Timeline:
2020-11-26 Disclosed to Vendor
2020-11-27 Vendor releases patched ve
Publish At: 2020-12-11 17:15 | Read: 150 | Comments: 0 | Tags: Xss wordpress
Title: Self-reflected XSS
Product: WordPress DirectoriesPro Plugin by SabaiApps
Vendor Homepage: https://directoriespro.com/
Vulnerable Version: 1.3.45
Fixed Version: 1.3.46
CVE Number: CVE-2020-29304
Author: Jack Misiura from The Missing Link
Website: https://www.themissinglink.com.au
Timeline:
2020-11-26 Disclosed to Vendor
2020-11-27 Vendor releases patch
Publish At: 2020-12-11 17:15 | Read: 130 | Comments: 0 | Tags: Xss wordpress
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::HTTP::Wordpress
  prepend Msf::Exploit::Remote::AutoCheck
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    supe
Publish At: 2020-11-25 21:57 | Read: 261 | Comments: 0 | Tags: wordpress
Hackers are scanning the Internet for WordPress websites with Epsilon Framework themes installed to launch Function Injection attacks.
Experts at the Wordfence Threat Intelligence team uncovered a large-scale wave of attacks targeting reported Function Injection vulnerabilities in themes using the Epsilon Framework.
Below a list of themes and related v
Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. "So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from o