Wordpress

WP STATISTICS PLUGIN SQL INJECTION VULNERABILITY

Requirements: WP-Statistics plugin version <= 12.0.7. Least-privileged account: Subscriber account (with post edit permission). Why is it easy to exploit? The vulnerability is caused by a lack of sanitization of user-provided data. An attacker with at least a subscriber account could leak sensitive data and, under the right circumstances and configuration, compromise your WordPress in...

WAF RULE TO PREVENT 0-DAY ATTACKS IN WORDPRESS

(CVE-2017-8295) WordPress <= 4.7.4 - Unauthorized Password Reset Vulnerability. By default, WordPress uses untrusted data when it creates and sends the password reset link, which is supposed to be delivered only to the email address associated with the account owner. If no From email header is set, WordPress falls back to the server's own name. // check wp-includes/pluggable.php if ( !isset( $from_...
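The excerpt above describes the fallback: when no From header is supplied, the sender address is derived from the server name, which on a catch-all virtual host is whatever the client put in the Host header. The following is an added example, not code from the original post and not WordPress's own code: a small Python model of that derivation (the exact lower-casing and "www." stripping is an assumption about wp_mail() in wp-includes/pluggable.php, simplified for illustration) next to a WAF-style Host header allowlist check of the kind the post's title refers to. The hostnames in ALLOWED_HOSTS and the two sample requests are constructed for the example.

```python
"""Sender-address fallback modelled after the excerpt above, plus a Host
header allowlist check. Added example; NOT WordPress or plugin code."""

import re
from typing import Dict, Optional, Tuple

# Constructed sample: hostnames this site legitimately answers to.
# (Assumption for the example, not taken from the page.)
ALLOWED_HOSTS = {"example.com", "www.example.com"}

# host[:port], already lower-cased; IPv6 literals deliberately not handled
HOST_RE = re.compile(r"^(?P<host>[a-z0-9.-]+)(:(?P<port>\d{1,5}))?$")


def default_from_address(server_name: str) -> str:
    """Address a site falls back to when no From header is set.

    Assumption (simplified model of wp_mail()): lower-case the server name,
    drop a leading 'www.', prefix with 'wordpress@'. With a catch-all vhost
    the server name is attacker-chosen, so the reset mail's sender domain
    (and hence where a bounce or auto-reply carrying the link goes) is too.
    """
    sitename = server_name.lower()
    if sitename.startswith("www."):
        sitename = sitename[4:]
    return "wordpress@" + sitename


def host_header_allowed(host_header: Optional[str]) -> bool:
    """WAF-style check: accept only requests whose Host header names one of
    the site's own hostnames. A missing or malformed Host is rejected."""
    if not host_header:
        return False
    m = HOST_RE.match(host_header.strip().lower())
    if not m:
        return False
    return m.group("host") in ALLOWED_HOSTS


def filter_request(headers: Dict[str, str]) -> Tuple[bool, Optional[str]]:
    """Return (allowed, from_address). A rejected request never reaches the
    application, so no sender address is derived from it."""
    host = headers.get("Host")
    if not host_header_allowed(host):
        return False, None
    server_name = host.strip().split(":")[0]
    return True, default_from_address(server_name)


# Constructed sample requests (not captured traffic).
LEGIT = {"Host": "www.example.com", "User-Agent": "Mozilla/5.0"}
SPOOF = {"Host": "attacker.example", "User-Agent": "curl/8.0"}

if __name__ == "__main__":
    for req in (LEGIT, SPOOF):
        allowed, sender = filter_request(req)
        print(f"Host: {req['Host']:<20} allowed={allowed} from={sender}")
    # Without the check, the spoofed Host would yield this sender:
    print("unfiltered:", default_from_address(SPOOF["Host"]))
```

The allowlist is the real fix at the edge: a WordPress site behind a correctly configured default virtual host never sees a foreign Host value, and a WAF rule that denies any Host not in the set gives the same guarantee when the web server cannot be changed.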