Security – Internet, WordPress, and otherwise


Chained Quiz < 1.1.8.2 – Reflected XSS

Description: WordPress plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'total_questions' POST parameter when a user completes a quiz. The code in question accepts the 'total_questions' parameter without escaping the special...


OWASP Top 10 Security Risks and Vulnerabilities

Are you worried about the security of your WordPress plugin or theme? Are you sure they are safe to use? You should watch for these top 10 OWASP risks. You’re right to worry about whether your software is secure. As much as developers would like to create airtight...


Privilege Escalation: What is it and Why is it so Important?

Do you have multiple users on your WordPress website? Did you know hackers can exploit user accounts to take full control of your website? They can do this by taking advantage of what is known as a privilege escalation vulnerability. These vulnerabilities appear in...


ListingPro < 2.5.4 – Unauthenticated Reflected XSS

Description: Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version — v2.5.3. Edit (WPScanTeam): January 13th, 2020 - Report Received & Envato Contacted; January 13th, 2020 - Envato Investigating; January 15th, 2020 - Theme...


How to Disable XML-RPC for Better WordPress Security

We’ve come a long way since WordPress was first launched. Back in the day, the feature called XML-RPC was extremely useful. In a time of slow internet speeds and constant lag, it was difficult to write content online in real time, as we do now. The XML-RPC function...


Real Estate 7 < 2.9.5 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «Real Estate 7 WordPress», tested version — v2.9.4: Unauthenticated Reflected XSS; Authenticated Persistent XSS; Authenticated Persistent Self-XSS; IDOR; Information Exposure. Edit (WPScanTeam): January...


EasyBook < 1.2.2 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «EasyBook – Directory & Listing WordPress Theme», tested version — v1.2.1: Unauthenticated Reflected XSS; Authenticated Persistent XSS; IDOR. December 27th, 2019 - Envato Contacted; January 6th, 2020 -...


TownHub < 1.0.6 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «TownHub - Directory & Listing WordPress Theme», tested version — v1.0.2: Unauthenticated XSS; Authenticated Persistent XSS; IDOR. Edit (WPScanTeam): December 27th, 2019 - Envato Contacted; January 5th,...


CityBook < 2.3.4 – Multiple Vulnerabilities

Description: Multiple vulnerabilities were discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.3.3: Unauthenticated Reflected XSS; Authenticated Persistent XSS; IDOR. Edit (WPScanTeam): December 27th, 2019 - Envato Contacted...


InfiniteWP Client < 1.9.4.5 – Authentication Bypass

Proof of Concept: It is possible to log in as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwp_mmb_set_request, which is located in the init.php file. This checks whether the request_params array of the core class is not...


Postie <= 1.9.40 – Post Submission Spoofing & Stored XSS

Description: "The Postie plugin for WordPress only allows posting of articles submitted by authorized users through a mailing list registered in the plugin settings. However, through the email sender spoofing technique, it was possible to bypass the plugin settings and...
