Handy FB Scripts

Free FB Extensions

Social Applications
Free Social Applications
Social Media Scripts

G+,LinkedIn & Other

Articles Tagged ‘wordpress’

Hacking WordPress , Bypass wordpress hash decode

In this tutorial you will see how to hack wordpress , and how to bypass hash password decode . 


WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS

wp_ajax_save_item() is accessible for every registered user (admin privileges are not checked).

WordPress Advanced Access Manager 2.8.2 File Write / Code Execution


Software: Advanced Access Manager

WordPress Aspose Cloud eBook Generator File Download

WordPress Aspose Cloud eBook Generator plugin suffers from an arbitrary file download vulnerability.


Content Spoofing and Cross-Site Scripting vulnerabilities in
plugin DZS Video Gallery for WordPress.

Wordpress dzs-videogallery plugin Cross site scripting Vulnerability

Exploit Title Wordpress dzs-videogallery plugin Cross site scripting Vulnerability 
Vendor Homepage  http://digitalzoomstudio.net/

Google Dork inurl:/wp-content/plugins/dzs-videogallery
Tested on Windows 8 , Linux

WordPress Echelon Theme Shell Upload

Vendor Homepage: http://wordpress.org/
Google Dork: inurl:/wp-content/themes/echelon/


Wordpress Plugins

WordPress Flexolio XSS / Disclosure / File Upload

There are Content Spoofing, Cross-Site Scripting, Full path disclosure, 
Abuse of Functionality, Denial of Service and Arbitrary File Upload 
vulnerabilities in Flexolio for WordPress. Which contains TimThumb and 

Wordpress Plugins

WordPress Huge IT Slider 2.6.8 SQL Injection

WordPress Huge IT Slider plugin version 2.6.8 suffers from multiple remote SQL injection vulnerabilities

WordPress iMember360is 3.9.001 XSS / Disclosure / Code Execution


"iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection

controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and e-commerce engine."

-- http://imember360.com/


Wordpress Plugins

WordPress Like Dislike Counter 1.2.3 SQL Injection

Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability

WordPress Marketplace 2.4.0 Add Administrator

WordPress Marketplace plugin version 2.4.0 add administrator exploit that leverages a vulnerability that allows an attacker to execute any php function unauthenticated.

WordPress Multiple Themes Arbitrary File Download

WordPress Ultimate Theme Arbitrary File Download

WordPress Reflex Gallery 3.1.3 Shell Upload

WordPress Reflex Gallery plugin version 3.1.3 suffers from a remote shell upload vulnerability.

WordPress SEO By Yoast SQL Injection

WordPress SEO by Yoast plugin versions and below suffer from a remote blind SQL injection vulnerability.

WordPress Slideshow Gallery 1.4.6 Shell Upload

WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.

WORDPRESS Theme Elegance Local File Disclosure

Post Local File Disclosure in wordpress theme Elegance


WordPress Theme My Login 6.3.9 Local File Inclusion

WordPress Theme My Login plugin version 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution.


WordPress thumb.php and timthumb.php XSS and path disclosure Vulnerabilities

wordpress Control Management System (CMS), how much secure is it , comparing to other CMS  such as joomla, drupal .. etc . 


WordPress Work-The-Flow 1.2.1 Shell Upload

Software: https://wordpress.org/plugins/work-the-flow-file-upload/ Company: http://wtf-fu.com/ Version: 1.2.1 Tested on: Windows 7 Vulnerability: Unrestricted File Upload


Wordpress Plugins

Copyright © 2016 Twitter/shreateh