
Untitled

a guest
Aug 22nd, 2019
1mks4n strtm poker

[!] 9 vulnerabilities identified:
|
| [!] Title: WordPress <= 5.0 - Authenticated File Delete
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9169
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9170
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
|
| [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9171
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9172
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9173
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
|
| [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9174
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9175
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
|
| [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
| Fixed in: 4.9.9
| References:
| - https://wpvulndb.com/vulnerabilities/9222
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
| - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
| - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
|
| [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
| Fixed in: 4.9.10
| References:
| - https://wpvulndb.com/vulnerabilities/9230
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
| - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
| - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
| - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/

[!] The version is out of date, the latest version is 11.9
|
| Detected By: Comment (Passive Detection)
|
| [!] 2 vulnerabilities identified:
|
| [!] Title: Yoast SEO <= 9.1 - Authenticated Race Condition
| Fixed in: 9.2
| References:
| - https://wpvulndb.com/vulnerabilities/9150
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19370
| - https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo
| - https://www.youtube.com/watch?v=nL141dcDGCY
| - http://packetstormsecurity.com/files/150497/
| - https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa
|
| [!] Title: Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS
| Fixed in: 11.6
| References:
| - https://wpvulndb.com/vulnerabilities/9445
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13478
| - https://gist.github.com/sybrew/2f53625104ee013d2f599ac254f635ee
| - https://github.com/Yoast/wordpress-seo/pull/13221
| - https://yoast.com/yoast-seo-11.6/