vulnerability
-
Vulnerability Report - WordPress plugin - givewp XSS to get admin!
This is a post I backdated to when I privately reported a vulnerability to givewp for their WordPress plugin. I privately shared it via their support contact form. The version this XSS was found in is long in the past! > I discovered an XSS vulnerability, details included in Vulnerability input. > If you have any questions or need more information please let me know! I wasn’t sure how to do a ‘private pull request’ otherwise I …
-
Vulnerability Report - WordPress plugin - php-everywhere Low priv users with code execution
This is a post I backdated to when I privately reported a vulnerability to the author of the php-everywhere plugin. I discovered a low privileged user could execute arbitrary PHP code and provided a POC where a low priv user could upgrade their permissions to admin. (The plugin is no longer available for download: https://wordpress.org/plugins/php-everywhere/) > Hi Alexander, I discovered a vulnerability in the PHP EveryWhere Plugin. - 1 - In PHP EveryWhere plugin options, set …