Exploit Title: Wordpress bib2html Cross site scripting Vulnerability
Google Dork: inurl:wp-content/plugins/bib2html
Software Link: http://downloads.wordpress.org/plugin/bib2html.0.9.3.zip
Vendor Homepage: http://www.Wordpress.org
Discovered By: ACC3SS
Tested on: Windows 7, Mozilla FireFox

Exploit Title: Wordpress Plugin Conversionninja Cross Site Scripting
Google Dork: inurl:wp-content/plugins/conversionninja
Vendor Homepage: http://www.Wordpress.org
Tested on: Windows 7, Mozilla FireFox
Discovered By: Milad Hacking

Last month I reported a Facebook exploit, which takes advantage of self-XSS to hack users' access tokens.
Facebook's response was negative, saying that it's "social engineering" and not an exploit.
A major fact: what I reported was a loophole in one of the main Facebook apps, trying to convince the Facebook security team "Arya" that it's a bug, and I am not reporting social engineering things here.

There are Content Spoofing, Cross-Site Scripting, Full Path Disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress, which contains TimThumb and CU3ER.

"iMember360 is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and e-commerce engine."

More Articles ...
- WordPress Work-The-Flow 1.2.1 Shell Upload
- WordPress Echelon Theme Shell Upload
- vBulletin 5.1 Multiple XSS vulnerabilities
- PHPFox 3.7.5 Authorization Bypass