11 Aug

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Simba Plugins Manager

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information.

One of the changelog entries for version 1.6.17 of Simba Plugins Manager is:

SECURITY: Various actions were not protected by ...


To read the rest of this post you need to have an active account with our service.

For existing customers, please log in to your account to view the rest of the post.

If you are not currently a customer, when you sign up now you can try the service for free for the first month (there are a lot of other reasons that you will want to sign up beyond access to posts like this one).

If you are a security researcher please contact us to get free access to all of our Vulnerability Details posts.

26 Jul

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Simple Custom CSS and JS

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information.

An advisory released by the JPCERT/CC and IPA states that a reflected cross-site scripting (XSS) vulnerability had been fixed in version ...



26 Jul

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Popup Maker

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information.

An advisory released by the JPCERT/CC and IPA states that a cross-site scripting (XSS) vulnerability had been fixed in version 1.6.5 ...



25 Jul

Vulnerability Details: PHP Object Injection Vulnerability in Referrer Detector

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new ...



25 Jul

Vulnerability Details: PHP Object Injection Vulnerability in AJAX Random Posts

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new ...



25 Jul

Vulnerability Details: PHP Object Injection Vulnerability in SiteBuilder Dynamic Components

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new ...



25 Jul

Vulnerability Details: PHP Object Injection Vulnerability in My Geo Posts Free

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new ...



25 Jul

Vulnerability Details: PHP Object Injection Vulnerability in Gravitate QA Tracker

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new ...



24 Jul

Vulnerability Details: PHP Object Injection Vulnerability in NextGEN Gallery geo

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new ...



10 Jul

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WP Live Chat Support

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information.

An advisory released by the JPCERT/CC and IPA states that a cross-site scripting (XSS) vulnerability had been fixed in ...

