anushareddy139/wpvskali

WordPress VS Kali

Exploits:

1. Comment Cross-Site Scripting

  • Summary:
    • Vulnerability type(s): XSS (2017 OWASP Top 10: A7)
    • Version(s) affected: WordPress 3.9 - 5.1
    • Tested in version: 4.2
    • Fixed in version: 4.2.23
  • GIF Walkthrough: Comment XSS gif
  • Steps to recreate:
    • Write a comment on any post
    • Include scripted elements into the comment
      • Example: <script> alert('SCRIPT ALERT') </script>
    • Post the comment for the scripted elements to be stored and applied
  • Affected source code:

2. Cross-site scripting via music metadata

3. (Required) User Account Enumeration

  • Summary:
    • Vulnerability types: Enumerating Users
    • Tested in version: 4.2.2
    • Fixed in version: Not fixed
  • GIF Walkthrough: Image from Gyazo
  • Steps to recreate:
    • Simply log in with different usernames to see whether the user exists. Unfortunately, this is also possible through permalinks:
    http://example.com/author/[insertusernamehere]
    
  • Affected source code:

4. Sessions Not Terminated Upon Explicit User Logout

  • Summary:
    • Vulnerability type(s): Auth Bypass/Broken Authentication (2017 OWASP Top 10: A2)
    • Version(s) affected: WordPress 3.4.2 - 3.9.2
    • Tested in version: 3.9.1
    • Fixed in version: 4.0
  • GIF Walkthrough: Auth Bypass gif
  • Steps to recreate:
    • After the admin user is logged out, use Burp to grab cookie credentials
    • Apply stolen cookies to visit the admin interface
      • Example: root/wp-admin/profile.php
  • Affected source code:
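
Item 4 comes down to whether logout revokes anything on the server. The following is an added Python model, not WordPress source code and not part of this repository; the class names, `SECRET` and the cookie layout are hypothetical. It contrasts a cookie accepted on HMAC and expiry alone with one tied to a server-side session record that logout deletes.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-key"  # constructed; stands in for the site's secret
def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class StatelessAuth:
    """Hypothetical model: a cookie is valid while its HMAC and expiry check out."""
    def login(self, user, now, ttl=3600):
        payload = f"{user}|{now + ttl}"
        return f"{payload}|{_mac(payload)}"

    def logout(self, cookie):
        pass  # the browser drops its copy; the server has nothing to revoke

    def validate(self, cookie, now):
        payload, _, mac = cookie.rpartition("|")
        fields = payload.split("|")
        if len(fields) < 2 or not hmac.compare_digest(mac, _mac(payload)):
            return None
        return fields[0] if fields[1].isdigit() and now < int(fields[1]) else None

class TokenAuth(StatelessAuth):
    """Hypothetical model: the cookie also names a session the server still holds."""
    def __init__(self):
        self.live = set()  # digests of session tokens that have not logged out

    def login(self, user, now, ttl=3600):
        token = secrets.token_hex(16)
        self.live.add(_digest(token))
        payload = f"{user}|{now + ttl}|{token}"
        return f"{payload}|{_mac(payload)}"

    def logout(self, cookie):
        self.live.discard(_digest(cookie.split("|")[2]))  # server-side revocation

    def validate(self, cookie, now):
        user = super().validate(cookie, now)  # HMAC and expiry first
        fields = cookie.split("|")
        return user if len(fields) == 4 and _digest(fields[2]) in self.live else None

def replay_after_logout(auth, now=1_000):
    cookie = auth.login("admin", now)  # cookie value copied before logout
    auth.logout(cookie)
    return auth.validate(cookie, now + 60)  # whom the copied cookie still authenticates
```

`replay_after_logout(StatelessAuth())` still returns `"admin"`, while `replay_after_logout(TokenAuth())` returns `None` because logout removed the session record.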
