Exploits:
- Summary:
- Vulnerability type(s): XSS (2017 OWASP Top 10: A7)
- Version(s) affected: WordPress 3.9 - 5.1
- Tested in version: 4.2
- Fixed in version: 4.2.23
- GIF Walkthrough:
- Steps to recreate:
- Write a comment on any post
- Include script elements in the comment
- Example: `<script>alert('SCRIPT ALERT')</script>`
- Post the comment for the scripted elements to be stored and applied
- Affected source code:
- Summary:
- GIF Walkthrough:
- Summary:
- Vulnerability type(s): Enumerating Users
- Tested in version: 4.2.2
- Fixed in version: Not fixed
- GIF Walkthrough:
- Steps to recreate:
- Simply try to log in with different usernames to see whether each user exists. Unfortunately, this is also possible through permalinks:
http://example.com/author/[insertusernamehere]
- Affected source code:
- Summary:
- Vulnerability type(s): Auth Bypass/Broken Authentication (2017 OWASP Top 10: A2)
- Version(s) affected: WordPress 3.4.2 - 3.9.2
- Tested in version: 3.9.1
- Fixed in version: 4.0
- GIF Walkthrough:
- Steps to recreate:
- After the admin user has logged out, use Burp to grab the cookie credentials
- Apply stolen cookies to visit the admin interface
- Example: root/wp-admin/profile.php
- Affected source code:
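
For the authentication bypass above, an added example (a generic model, not WordPress's code and not part of the original write-up) of why a cookie keeps working after logout when the server only checks its signature and expiry, next to a design that revokes a server-side token on logout. The class names `StatelessAuth` and `SessionTokenAuth` and the cookie layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side signing key, constructed for this demo


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class StatelessAuth:
    """Weak model: a cookie is accepted whenever its MAC and expiry check out."""

    def login(self, user, ttl=3600):
        payload = f"{user}|{int(time.time()) + ttl}"
        return f"{payload}|{_sign(payload)}"

    def logout(self, cookie):
        pass  # only the browser's copy is cleared; the server remembers nothing

    def validate(self, cookie):
        payload, _, mac = cookie.rpartition("|")
        if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
            return False
        return int(payload.split("|")[1]) > time.time()


class SessionTokenAuth(StatelessAuth):
    """Hardened model: the cookie also names a session the server can revoke."""

    def __init__(self):
        self.active = set()  # hashes of live session tokens, kept server-side

    def login(self, user, ttl=3600):
        token = secrets.token_urlsafe(32)
        self.active.add(_digest(token))
        payload = f"{user}|{int(time.time()) + ttl}|{token}"
        return f"{payload}|{_sign(payload)}"

    def logout(self, cookie):
        self.active.discard(_digest(cookie.split("|")[2]))

    def validate(self, cookie):
        if not super().validate(cookie):
            return False
        return _digest(cookie.split("|")[2]) in self.active
```

When retesting a fix, the check that matters is the last one: a cookie captured before logout must be rejected by the server afterwards, not merely deleted from the browser.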