Filter by tag: cms

Wormable Stored XSS on WordPress.org

10 min read 24 Dec 2018 by Karim El Ouerghemmi
The WordPress.org website holds the repositories for all plugins and themes that are used by all WordPress sites. Furthermore, it manages the accounts that developers use to edit the code of their themes and plugins. In this blog post, we investigate a critical stored XSS vulnerability on the WordPress.org website we have reported to the WordPress security team in May 2018.

WordPress Privilege Escalation through Post Types

13 min read 17 Dec 2018 by Simon Scannell
A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have (CVE-2018-20152). This lead to a Stored XSS and Object Injection in the WordPress core and more severe vulnerabilities in WordPress’s most popular plugins Contact Form 7 and Jetpack.

WordPress Design Flaw Leads to WooCommerce RCE

7 min read 6 Nov 2018 by Simon Scannell
A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account (CVE-2018-20714).

WordPress Configuration Cheat Sheet

6 min read 31 Oct 2018 by Nils Werner
WordPress is the most frequently installed web application in the world. The system is operated not only by experienced developers but also by beginners. In this blog post, we summarize what to look out for when configuring your WordPress installation’s security.

WARNING: WordPress File Delete to Code Execution

9 min read 26 Jun 2018 by Slavco Mihajloski, Karim El Ouerghemmi
WordPress is the most popular CMS on the web. In this blog post we introduce an authenticated arbitrary file deletion vulnerability (CVE-2018-20714) in the WordPress core that can lead to attackers executing arbitrary code. The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched.