- 1mks4n strtm poker
- [!] 9 vulnerabilities identified:
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.9.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [!] The version is out of date, the latest version is 11.9
- |
- | Detected By: Comment (Passive Detection)
- |
- | [!] 2 vulnerabilities identified:
- |
- | [!] Title: Yoast SEO <= 9.1 - Authenticated Race Condition
- | Fixed in: 9.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/9150
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19370
- | - https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo
- | - https://www.youtube.com/watch?v=nL141dcDGCY
- | - http://packetstormsecurity.com/files/150497/
- | - https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa
- |
- | [!] Title: Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS
- | Fixed in: 11.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9445
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13478
- | - https://gist.github.com/sybrew/2f53625104ee013d2f599ac254f635ee
- | - https://github.com/Yoast/wordpress-seo/pull/13221
- | - https://yoast.com/yoast-seo-11.6/