WordPress Advanced Video Plugin 1.0 – Local File Inclusion (LFI)

Posted on Posted in Exploit

EDB-ID: 39646 CVE: N/A OSVDB-ID: N/A EDB Verified: YES Author: evait security Published: 2016-04-01 Download Exploit: Source Raw Download Vulnerable App: Download #!/usr/bin/env python # Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation # Google Dork: N/A # Date: 04/01/2016 # Exploit Author: evait security GmbH # Vendor Homepage: arshmultani – http://dscom.it/ # […]

WordPress eBook Download Plugin 1.1 – Directory Traversal

Posted on Posted in Exploit, Tutorial's

EDB-ID: 39575 CVE: N/A OSVDB-ID: N/A EDB Verified: YES Author: Wadeek Published: 2016-03-21 Download Exploit: Raw Download Vulnerable App: download # Exploit Title: WordPress eBook Download 1.1 | Directory Traversal # Exploit Author: Wadeek # Website Author: https://github.com/Wad-Deek # Software Link: https://downloads.wordpress.org/plugin/ebook-download.zip # Version: 1.1 # Tested on: Xampp on Windows7 [Version Disclosure] ====================================== http://localhost/wordpress/wp-content/plugins/ebook-download/readme.txt […]

WordPress WooCommerce Store Toolkit Plugin 1.5.5 – Privilege Escalation

Posted on Posted in Exploit

EDB-ID: 39421 CVE: N/A OSVDB-ID: N/A EDB Verified: NO Author: Panagiotis Vagenas Published: 2016-02-08 Download Exploit: Raw Download Vulnerable App:  N/A * Exploit Title: WordPress WooCommerce – Store Toolkit Plugin [Privilege Escalation] * Discovery Date: 2016-02-06 * Public Disclosure Date: 2016-02-08 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage: http://www.visser.com.au/ * Software […]

WordPress User Meta Manager Plugin 3.4.6 – Information Disclosure

Posted on Posted in Exploit

EDB-ID: 39420 CVE: N/A OSVDB-ID: N/A EDB Verified: Yes Author: Panagiotis Vagenas Published: 2016-02-08 Download Exploit: Raw Download Vulnerable App: download * Exploit Title: WordPress User Meta Manager Plugin [Information Disclosure] * Discovery Date: 2015-12-28 * Public Disclosure Date: 2016-02-01 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage: http://jasonlau.biz/home/ * Software Link: […]