Article: Some WordPress exploits


I found that repository some days ago. Seems to be useful stuff (although probably already mass-exploited by some skids).
They are all public.

  • WordPress plugin Wordfence 7.4.6 - Cross-Site Scripting
  • Duplicator: Unauthenticated Arbitrary File Download
  • WPS Hide Login v1.5.2.2 login page Bypass
  • WordPress WP Fastest Cache 0.8.9.5 Directory Traversal
  • WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
  • Ninja Forms File Uploads Extension <= 3.0.22 – Unauthenticated Arbitrary File Upload
  • Infinite WP Client: Authentication Bypass
  • All-in-One WP Migration <=7.14 Arbitrary Backup Download
  • All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure

https://github.com/Mad-robot/wordpress-exploits