Exploits

CVE-2017-9419: WordPress WP Custom Fields Search v.0.3.28 Reflected Cross-Site Scripting (XSS)

Identification Date: 11/06/2017
Vendor Homepage: http://www.webhammer.co.uk/wordpress#tab-wp-custom-fields-search
Software Link: http://wordpress.org/plugins/wp-custom-fields-search/

Description

This version of the WP Custom Fields Search plug-in is vulnerable to a Reflected Cross-Site Scripting vulnerability in the “cs-all-0” parameter due to the lack of proper input handling of the user’s data. An attacker can execute arbitrary JavaScript using a specially crafted URL. Thus, when the victim clicks…

Exploits

CVE-2017-9429: Event List Version v.0.7.8 Blind Based SQL Injection (SQLi)

Identification Date: 04/06/2017
Vendor Homepage: https://profiles.wordpress.org/mibuthu
Software Link: https://wordpress.org/plugins/event-list/

An authenticated user can exploit this vulnerability by editing an event. Each event has an id parameter which is not properly sanitized. An attacker can exploit the vulnerable parameter and execute arbitrary SQL queries using blind SQL injection.

Proof of Concept

In order to replay the attack, use the…

Exploits

CVE-2017-9603: WordPress WP Jobs v.1.4 SQL Injection (SQLi)

Identification Date: 11/06/2017
Vendor Homepage: http://www.intensewp.com/
Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/

Description

SQL injection vulnerability in the WP Jobs plug-in 1.4 for WordPress allows an authenticated user to execute arbitrary SQL commands via the jobid parameter.

Proof of Concept

In order to replay the attack, use the link below.

http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&jobid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment

The results of the SQL injection are…

Exploits

CVE-2017-9418: WP-Testimonials WordPress Plugin v.3.4.1 Union Based SQL Injection (SQLi)

Identification Date: 02/06/2017
Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/
Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/

Description

SQL injection vulnerability in WordPress WP-Testimonials Version 3.4.1 allows an authenticated user to execute arbitrary SQL commands via the testid parameter.

Proof of Concept

A Proof of Concept code is provided below.

http://[wordpress_site]/wp-admin/admin.php?page=sfstst_manage&mode=sfststedit&testid=-1 UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL-- comment

The results of the SQL injection are being reflected in…

Exploits

CVE-2017-9420: WordPress Spiffy Calendar v.3.2.0 Reflected Cross-Site Scripting (XSS)

Identification Date: 02/06/2017
Vendor Homepage: http://spiffycalendar.sunnythemes.com/
Software Link: https://wordpress.org/plugins/spiffy-calendar

Description

This version of the Spiffy Calendar plug-in is vulnerable to a Reflected Cross-Site Scripting vulnerability in the “yr” parameter due to the lack of proper input handling of the user’s data. An attacker can execute arbitrary JavaScript using a specially crafted URL. Thus, when the victim clicks on the…
