PageLines Platform 1.1.4 CSRF vulnerability
Platform 4 by PageLines is a WordPress theme. During a bug bounty investigation, a CSRF-RCE vulnerability was found in the administrative functions of the
Category: security
W3 Total Cache SSRF vulnerability
W3 Total Cache is a caching plugin with more than a million active installs. Versions prior to 0.9.5 are vulnerable to a server
WordPress Stream plugin stored XSS / remote code execution
The most viewed HackerOne vulnerability report Q2/2016
Uber OneLogin authentication bypass by Klikki was the most viewed vulnerability report of Q2 2016 on HackerOne
Klikki’s Uber bug bounty findings in the news
Uber Pays Researcher $10,000 for Critical Flaw (SecurityWeek) Uber Pays Researcher $10k for Login Bypass Exploit (Threatpost)
Fluid Responsive Slideshow CSRF vulnerability
The Fluid Responsive Slideshow WordPress plugin was found vulnerable to a CSRF bug that could ultimately lead to server-side compromise. Additionally there was a
All-in-One Event Calendar stored XSS and SQL injection
All-in One Event Calendar by Time.ly is a WordPress plugin with 100,000+ active installs according to statistics provided by WordPress. Two critical bugs
MainWP admin panel unauthenticated stored XSS
MainWP is a WordPress remote administration plugin. Missing authorization checks on a setup panel allowed unauthenticated attackers to modify some of the MainWP
The 2016 Yahoo bug in the media
Yahoo Mail Patches Severe XSS Flaw Affecting 300M Users (Infosecurity Magazine) Critical Yahoo email flaw patched through bug bounty program (ZDNet) Suomalaismies
Yahoo Mail stored XSS
A stored XSS vulnerability in Yahoo Mail was patched earlier this month. The flaw allowed malicious JavaScript code to be embedded in a specially