Blog

  • Ultimate Membership Pro Premium WordPress Plugin Recent Vulnerabilities Breakdown

    While checking fixes for critical issues in a premium plugin, we stumbled across insufficient filename entropy: the PHP function time() was used to generate part of the md5-hashed string that forms the filename. These files generally contain sensitive data, such as logs, PII, etc., and as it’s not the first time we see such…
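    The weakness the post describes, as an added illustration (this is not code from the post or from the plugin): a filename built from md5 over a fixed string plus time() varies only with a second-resolution timestamp, so anyone who knows roughly when the file was created (the Date header of the response that triggered the export, for instance) can enumerate it. The prefix, the .csv extension, the search window and the 128-bit token in the hardened variant are assumptions for the demonstration.

```python
import hashlib
import secrets
import time

# Hypothetical fixed prefix standing in for whatever constant string the
# plugin mixes in; not the real value, and it does not change the analysis
# because a constant adds no entropy.
PREFIX = "export_"


def weak_filename(ts: int, prefix: str = PREFIX) -> str:
    """Vulnerable pattern: the only varying input is a UNIX timestamp in seconds."""
    return hashlib.md5(f"{prefix}{ts}".encode()).hexdigest() + ".csv"


def strong_filename() -> str:
    """Hardened variant: 128 bits from the OS CSPRNG, no timestamp in the name."""
    return secrets.token_hex(16) + ".csv"


def guess_filename(observed: str, approx_ts: int, window: int = 3600,
                   prefix: str = PREFIX):
    """Attacker side: try every second within +/- window of the guessed creation
    time and return the timestamp that reproduces the observed name, or None.
    Cost is at most 2*window+1 md5 calls (7201 for a one-hour window)."""
    for delta in range(-window, window + 1):
        ts = approx_ts + delta
        if weak_filename(ts, prefix) == observed:
            return ts
    return None


def demo():
    """Constructed scenario: a file created 'now', an attacker fifteen minutes off."""
    created = int(time.time())
    victim = weak_filename(created)
    attacker_guess = created + 900  # attacker's estimate of creation time
    recovered = guess_filename(victim, attacker_guess)

    # Same search against the hardened name finds nothing: the space is 2**128,
    # not a few thousand seconds.
    hardened = strong_filename()
    not_recovered = guess_filename(hardened, attacker_guess)
    return recovered == created, not_recovered is None


if __name__ == "__main__":
    weak_recovered, strong_safe = demo()
    print(f"weak filename recovered: {weak_recovered}")
    print(f"hardened filename resisted search: {strong_safe}")
```

    Adding a per-site secret or a user ID to the md5 input does not fix this on its own: the constant parts are either known to the attacker or guessable, and the per-second timestamp remains the only thing that changes. The file name has to contain unpredictable bytes from a CSPRNG, and ideally the file should also live outside the web root or behind an authenticated download handler.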

  • February 2020 Monthly Vulnerability Roundup

    WordPress Plugin Vulnerabilities
      • wpdefault – Backdoor Plugin
      • Async Javascript < 2.20.02.27 – Subscriber+ Stored XSS via Plugin Settings Change
      • 10Web Map Builder for Google Maps < 1.0.64 – Unauthenticated Stored XSS via Plugin Settings Change
      • Modern Events Calendar Lite <= 5.1.6 – Multiple Subscriber+ Stored XSS
      • Export Users to CSV <= 1.4.2 – CSV Injection
      • Photo Gallery < 1.5.46 -…

  • New Description and PoC fields in API

    From today, our API outputs two new fields for enterprise users: description and poc. We have been displaying this data on the wpvulndb.com website since almost the beginning of the project, but excluded it from the API due to concerns about the extra bandwidth costs. We have had a number of users request the data…