Skip to content
Klikki Oy
Search for:
X
Search for:
X

Tag: wordpress

WordPress core stored XSS

Overview A stored XSS vulnerability in WordPress allows an user with the posting capability to compromise the website. Under default configuration, the

Read More

July 24, 2015February 3, 2023 klikki
security bug bounty, wordpress

WordPress 4.2 core stored XSS

Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script

Read More

April 26, 2015February 3, 2023 klikki
security wordpress

Google Analytics by Yoast stored XSS #2

Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress

Read More

April 20, 2015February 3, 2023 klikki
security bug bounty, wordpress

Google Analytics by Yoast stored XSS

Updated March 20: added some technical details and YouTube demo. Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With

Read More

March 19, 2015February 3, 2023 klikki
security wordpress

WPML vulnerabilities

Update March 13: Added vulnerability #4, unauthenticated administrative functions. Update April 12: Added vulnerability #5, reflected XSS via HTTP referer. March 19: See also Google Analytics

Read More

March 12, 2015February 3, 2023 klikki
security bug bounty, wordpress

WordPress comment exploit published

The Russian blog Habrahabr has published (translation) a proof of concept exploit for the WordPress bug reported by Klikki on November 20. The blog also reports

Read More

December 1, 2014February 3, 2023 klikki
security wordpress

WordPress 3 core unauthenticated stored XSS

Overview A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes

Read More

November 20, 2014February 3, 2023 klikki
security wordpress

Kaikki yleisesti käytössä olevat WordPress-versiot haavoittuvia

Klikki Oy on havainnut WordPress-sisällönhallintajärjestelmässä haavoittuvuuden, joka mahdollistaa ulkopuoliselle ohjelmakoodin syöttämisen WordPress-blogikirjoituksiin ja -sivuihin. Ainakin ohjelmiston kaikki 3-versiot, joita asennuksista on noin

Read More

November 3, 2014February 3, 2023 klikki
security wordpress

Posts navigation

Newer posts
  • media
  • security
  • Kiekko.tk
  • TyperA
Powered by WordPress

All rights reserved © Klikki Fast Press Theme by Seos Themes