Untitled

a guest
Jun 14th, 2019
A WORD TO THE SITE OWNER, THESE ARE THE THINGS YOU NEED TO PATCH UP.

-----------------------

[+] WordPress version 3.5.1 (Released on 2013-01-24) identified from advanced fingerprinting, readme
[!] 45 vulnerabilities identified from the version number

[!] Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
Reference: https://wpvulndb.com/vulnerabilities/5978
Reference: http://seclists.org/fulldisclosure/2013/Jul/70
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.4-3.5.1 DoS in class-phpass.php
Reference: https://wpvulndb.com/vulnerabilities/5979
Reference: http://seclists.org/fulldisclosure/2013/Jun/65
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
Reference: https://secunia.com/advisories/53676/
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.5.1 Multiple XSS
Reference: https://wpvulndb.com/vulnerabilities/5980
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.5.1 TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
Reference: https://wpvulndb.com/vulnerabilities/5981
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)
Reference: https://wpvulndb.com/vulnerabilities/5983
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation
Reference: https://wpvulndb.com/vulnerabilities/5984
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/5985
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
Reference: https://wpvulndb.com/vulnerabilities/5970
Reference: http://packetstormsecurity.com/files/123589/
Reference: http://core.trac.wordpress.org/changeset/25323
Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
Reference: https://secunia.com/advisories/54803/
Reference: https://www.exploit-db.com/exploits/28958/
[i] Fixed in: 3.6.1

[!] Title: WordPress 3.5 - 3.7.1 XML-RPC DoS
Reference: https://wpvulndb.com/vulnerabilities/7526
Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
Reference: http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
Reference: http://www.breaksec.com/?p=6362
[i] Fixed in: 3.9.2

[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://wpvulndb.com/vulnerabilities/7528
Reference: https://core.trac.wordpress.org/changeset/29384
Reference: https://core.trac.wordpress.org/changeset/29408
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
Reference: https://wpvulndb.com/vulnerabilities/7529
Reference: https://core.trac.wordpress.org/changeset/29398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
Reference: https://wpvulndb.com/vulnerabilities/7531
Reference: http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
[i] Fixed in: 4.0

[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://klikki.fi/adv/wordpress.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://klikki.fi/adv/wordpress_update.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
[i] Fixed in: 4.0

[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
Reference: https://www.exploit-db.com/exploits/35413/
Reference: https://www.exploit-db.com/exploits/35414/
[i] Fixed in: 4.0.1

[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://www.securityfocus.com/bid/71234/
Reference: https://core.trac.wordpress.org/changeset/30444
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
[i] Fixed in: 4.0.1

[!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8111
Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
Reference: https://twitter.com/klikkioy/status/624264122570526720
Reference: https://klikki.fi/adv/wordpress3.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
[i] Fixed in: 4.2.3

[!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
Reference: https://wpvulndb.com/vulnerabilities/8473
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
[i] Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
Reference: https://wpvulndb.com/vulnerabilities/8474
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
[i] Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
Reference: https://wpvulndb.com/vulnerabilities/8475
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
[i] Fixed in: 4.5

[!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
Reference: https://wpvulndb.com/vulnerabilities/8520
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
[i] Fixed in: 4.5.3

[!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
Reference: https://wpvulndb.com/vulnerabilities/8615
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
Reference: http://seclists.org/fulldisclosure/2016/Sep/6
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
[i] Fixed in: 4.6.1

[!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
Reference: https://wpvulndb.com/vulnerabilities/8616
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
[i] Fixed in: 4.6.1

[!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
Reference: https://wpvulndb.com/vulnerabilities/8716
Reference: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
Reference: https://wpvulndb.com/vulnerabilities/8718
Reference: https://www.mehmetince.net/low-severity-wordpress/
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
[i] Fixed in: 4.7.1

[!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Reference: https://wpvulndb.com/vulnerabilities/8719
Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
[i] Fixed in: 4.7.1

[!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
Reference: https://wpvulndb.com/vulnerabilities/8720
Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Reference: https://wpvulndb.com/vulnerabilities/8721
Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8730
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
[i] Fixed in: 4.7.2

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
Reference: https://wpvulndb.com/vulnerabilities/8766
Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
Reference: https://wpvulndb.com/vulnerabilities/8807
Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
Reference: https://core.trac.wordpress.org/ticket/25239
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
Reference: https://wpvulndb.com/vulnerabilities/8815
Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
Reference: https://wpvulndb.com/vulnerabilities/8816
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
Reference: https://wpvulndb.com/vulnerabilities/8817
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
Reference: https://wpvulndb.com/vulnerabilities/8818
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
Reference: https://wpvulndb.com/vulnerabilities/8819
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
Reference: https://hackerone.com/reports/203515
Reference: https://hackerone.com/reports/203515
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
Reference: https://wpvulndb.com/vulnerabilities/8820
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8905
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
[i] Fixed in: 4.8.2

[!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Reference: https://wpvulndb.com/vulnerabilities/8906
Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://wpvulndb.com/vulnerabilities/8905
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
Reference: https://wpvulndb.com/vulnerabilities/8910
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
[i] Fixed in: 4.8.2

[!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
Reference: https://wpvulndb.com/vulnerabilities/8911
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41457
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
[i] Fixed in: 4.8.2

[!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
Reference: https://wpvulndb.com/vulnerabilities/8941
Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
Reference: https://twitter.com/ircmaxell/status/923662170092638208
Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
[i] Fixed in: 4.8.3

[!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
Reference: https://wpvulndb.com/vulnerabilities/8966
Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
[i] Fixed in: 4.9.1

[!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
Reference: https://wpvulndb.com/vulnerabilities/8967
Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
[i] Fixed in: 4.9.1

[!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Reference: https://wpvulndb.com/vulnerabilities/9021
Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
Reference: https://github.com/quitten/doser.py
Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

[!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
Reference: https://wpvulndb.com/vulnerabilities/9100
Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895