Written Exploits

WordPress Core 5.2.2 - 'post previews' XSS

WordPress before 5.2.3 allows XSS in post previews by authenticated users.

Type: WebApps

Platform: PHP

WordPress Epsilon Framework Multiple Themes - Unauthenticated Function Injection

Fifteen WordPress themes use a vulnerable version of epsilon-framework that is exposed to a critical unauthenticated function injection vulnerability, due to the lack of capability and CSRF nonce checks in AJAX actions.

Type: WebApps

Platform: PHP

Jenkins 2.235.3 - 'Description' Stored XSS

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description that is displayed on item creation.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Jenkins 2.252, LTS 2.235.4 escapes the project naming strategy description.

Type: WebApps

Platform: Java

Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons.
Tooltip values can be contributed by plugins, some of which use user-specified values.
This results in a stored cross-site scripting (XSS) vulnerability.
Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.

Type: WebApps

Platform: Java

WordPress Yet Another Stars Rating PHP Object Injection

This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.

Type: WebApps

Platform: PHP
