API tools faq
paste
Himeshvyas26

dailypakistan new wp exploit

Himeshvyas26
Mar 24th, 2019
409
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.65 KB | None | 0 0
raw download clone embed print report
  1. ┏━Target: dailypakistan.pk ┃
  2. ┠── CMS: WordPress ┃ │ ┃ ├── Version: 4.8.1
  3. ┃ ╰── URL: https://wordpress.org
  5. ┠──[WordPress Deepscan]
  6. ┃ │
  7. ┃ ├── Readme file found: https://dailypakistan.pk//readme.html ┃ ├── License file: https://dailypakistan.pk//license.txt ┃ ├── Changelog: https://codex.wordpress.org/Version_4.8.1
  8. ┃ ├── User registration enabled: https://dailypakistan.pk//wp-login.php?action=register ┃ │
  9. ┃ ├── Usernames harvested: 1
  10. ┃ │ ╰── dpadmin
  11. ┃ │
  12. ┃ ╰── Version vulnerabilities: 27
  13. ┃ │
  14. ┃ │
  15. ┃ ├── WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  16. ┃ │ │
  17. ┃ │ ├── Type: SQLI
  18. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8905
  19. ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  20. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  21. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  22. ┃ │ ╰── Fixed In Version: 4.8.2
  23. ┃ │
  24. ┃ ├── WordPress 2.9.2-4.8.1 - Open Redirect
  25. ┃ │ │
  26. ┃ │ ├── Type: REDIRECT
  27. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8910
  28. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  29. ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  30. ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41398
  31. ┃ │ ╰── Fixed In Version: 4.8.2
  32. ┃ │
  33. ┃ ├── WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  34. ┃ │ │
  35. ┃ │ ├── Type: LFI
  36. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8911
  37. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  38. ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  39. ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41457
  40. ┃ │ ╰── Fixed In Version: 4.8.2
  41. ┃ │
  42. ┃ ├── WordPress 4.4-4.8.1 - Path Traversal in Customizer
  43. ┃ │ │
  44. ┃ │ ├── Type: LFI
  45. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8912
  46. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
  47. ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  48. ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41397
  49. ┃ │ ╰── Fixed In Version: 4.8.2
  50. ┃ │
  51. ┃ ├── WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
  52. ┃ │ │
  53. ┃ │ ├── Type: XSS
  54. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8913
  55. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
  56. ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  57. ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41448
  58. ┃ │ ╰── Fixed In Version: 4.8.2
  59. ┃ │
  60. ┃ ├── WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
  61. ┃ │ │
  62. ┃ │ ├── Type: XSS
  63. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8914
  64. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
  65. ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  66. ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41395
  67. ┃ │ ├── Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
  68. ┃ │ ╰── Fixed In Version: 4.8.2
  69. ┃ │
  70. ┃ ├── WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  71. ┃ │ │
  72. ┃ │ ├── Type: UNKNOWN
  73. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8807
  74. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  75. ┃ │ ├── Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  76. ┃ │ ├── Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  77. ┃ │ ├── Reference: https://core.trac.wordpress.org/ticket/25239
  78. ┃ │ ╰── Fixed In Version: None
  79. ┃ │
  80. ┃ ├── WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  81. ┃ │ │
  82. ┃ │ ├── Type: SQLI
  83. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8941
  84. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  85. ┃ │ ├── Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  86. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  87. ┃ │ ├── Reference: https://twitter.com/ircmaxell/status/923662170092638208
  88. ┃ │ ├── Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  89. ┃ │ ╰── Fixed In Version: 4.8.3
  90. ┃ │
  91. ┃ ├── WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  92. ┃ │ │
  93. ┃ │ ├── Type: BYPASS
  94. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8966
  95. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  96. ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  97. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  98. ┃ │ ╰── Fixed In Version: 4.8.4
  99. ┃ │
  100. ┃ ├── WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  101. ┃ │ │
  102. ┃ │ ├── Type: XSS
  103. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8967
  104. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  105. ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  106. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  107. ┃ │ ╰── Fixed In Version: 4.8.4
  108. ┃ │
  109. ┃ ├── WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
  110. ┃ │ │
  111. ┃ │ ├── Type: XSS
  112. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8968
  113. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
  114. ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  115. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
  116. ┃ │ ╰── Fixed In Version: 4.8.4
  117. ┃ │
  118. ┃ ├── WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  119. ┃ │ │
  120. ┃ │ ├── Type: UNKNOWN
  121. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8969
  122. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  123. ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  124. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  125. ┃ │ ╰── Fixed In Version: 4.8.4
  126. ┃ │
  127. ┃ ├── WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  128. ┃ │ │
  129. ┃ │ ├── Type: XSS
  130. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9006
  131. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  132. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  133. ┃ │ ├── Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  134. ┃ │ ├── Reference: https://core.trac.wordpress.org/ticket/42720
  135. ┃ │ ╰── Fixed In Version: 4.8.5
  136. ┃ │
  137. ┃ ├── WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  138. ┃ │ │
  139. ┃ │ ├── Type: DOS
  140. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9021
  141. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  142. ┃ │ ├── Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  143. ┃ │ ├── Reference: https://github.com/quitten/doser.py
  144. ┃ │ ├── Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  145. ┃ │ ╰── Fixed In Version: None
  146. ┃ │
  147. ┃ ├── WordPress 3.7-4.9.4 - Remove localhost Default
  148. ┃ │ │
  149. ┃ │ ├── Type: UNKNOWN
  150. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9053
  151. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  152. ┃ │ ├── Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  153. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  154. ┃ │ ╰── Fixed In Version: 4.8.6
  155. ┃ │
  156. ┃ ├── WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  157. ┃ │ │
  158. ┃ │ ├── Type: REDIRECT
  159. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9054
  160. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  161. ┃ │ ├── Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  162. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  163. ┃ │ ╰── Fixed In Version: 4.8.6
  164. ┃ │
  165. ┃ ├── WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  166. ┃ │ │
  167. ┃ │ ├── Type: XSS
  168. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9055
  169. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  170. ┃ │ ├── Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  171. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  172. ┃ │ ╰── Fixed In Version: 4.8.6
  173. ┃ │
  174. ┃ ├── WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  175. ┃ │ │
  176. ┃ │ ├── Type: UNKNOWN
  177. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9100
  178. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  179. ┃ │ ├── Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  180. ┃ │ ├── Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  181. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  182. ┃ │ ├── Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  183. ┃ │ ├── Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  184. ┃ │ ╰── Fixed In Version: 4.8.7
  185. ┃ │
  186. ┃ ├── WordPress <= 5.0 - Authenticated File Delete
  187. ┃ │ │
  188. ┃ │ ├── Type: UNKNOWN
  189. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9169
  190. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  191. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  192. ┃ │ ╰── Fixed In Version: 4.8.8
  193. ┃ │
  194. ┃ ├── WordPress <= 5.0 - Authenticated Post Type Bypass
  195. ┃ │ │
  196. ┃ │ ├── Type: BYPASS
  197. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9170
  198. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  199. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  200. ┃ │ ├── Reference: https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  201. ┃ │ ╰── Fixed In Version: 4.8.8
  202. ┃ │
  203. ┃ ├── WordPress <= 5.0 - PHP Object Injection via Meta Data
  204. ┃ │ │
  205. ┃ │ ├── Type: OBJECTINJECTION
  206. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9171
  207. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  208. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  209. ┃ │ ╰── Fixed In Version: 4.8.8
  210. ┃ │
  211. ┃ ├── WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  212. ┃ │ │
  213. ┃ │ ├── Type: XSS
  214. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9172
  215. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  216. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  217. ┃ │ ╰── Fixed In Version: 4.8.8
  218. ┃ │
  219. ┃ ├── WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  220. ┃ │ │
  221. ┃ │ ├── Type: XSS
  222. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9173
  223. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  224. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  225. ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  226. ┃ │ ╰── Fixed In Version: 4.8.8
  227. ┃ │
  228. ┃ ├── WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  229. ┃ │ │
  230. ┃ │ ├── Type: UNKNOWN
  231. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9174
  232. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  233. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  234. ┃ │ ╰── Fixed In Version: 4.8.8
  235. ┃ │
  236. ┃ ├── WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  237. ┃ │ │
  238. ┃ │ ├── Type: XSS
  239. ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9175
  240. ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  241. ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!