MainWP admin panel unauthenticated stored XSS
MainWP is a WordPress remote administration plugin. Missing authorization checks on a setup panel allowed unauthenticated attackers to modify some of the MainWP
Tag: bug bounty
Yahoo Mail stored XSS
A stored XSS vulnerability in Yahoo Mail was patched earlier this month. The flaw allowed malicious JavaScript code to be embedded in a specially
WordPress core stored XSS
Overview A stored XSS vulnerability in WordPress allows an user with the posting capability to compromise the website. Under default configuration, the
Google Analytics by Yoast stored XSS #2
Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress
Adobe Flash double free and cross domain bypass
Adobe security update APSB15-06 addresses a “double free” vulnerability in the Flash Player Settings Manager. It’s a standalone program that can be launched programmatically
WPML vulnerabilities
Update March 13: Added vulnerability #4, unauthenticated administrative functions. Update April 12: Added vulnerability #5, reflected XSS via HTTP referer. March 19: See also Google Analytics