WordPress core stored XSS
Overview A stored XSS vulnerability in WordPress allows a user with the posting capability to compromise the website. Under default configuration, the
Update 05 June, 2015: added some details and an online vulnerability test. If the app is loaded from a URL containing the user:password
Just-released WordPress 0day makes it easy to hijack millions of websites (Ars Technica); Hackers can infiltrate WordPress sites through comments section (The Hill); WordPress Under Attack
Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script
Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress
Adobe security update APSB15-06 addresses a “double free” vulnerability in the Flash Player Settings Manager. It’s a standalone program that can be launched programmatically
Facebook, Researcher Quarrel Over Bug Reward Eligibility (SecurityWeek); Apple Fixes Cookie Access Vulnerability in Billions of Safari Devices (Kaspersky Threatpost); Apple splats Safari flaw affecting a
Overview The 4/8/2015 security updates from Apple included a patch for a Safari cross-domain vulnerability. An attacker could create web content which,
Updated March 20: added some technical details and YouTube demo. Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With
Update March 13: Added vulnerability #4, unauthenticated administrative functions. Update April 12: Added vulnerability #5, reflected XSS via HTTP referer. March 19: See also Google Analytics