Cedric’s Cruft

April 2015 (1)

WordPress < 4.1.2 Stored XSS vulnerability

WordPress 4.1.2 is available as of April 21, 2015. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site (WP blog).

tl;dr: MySQL → special characters → truncation → input validation → output sanitisation → XSS → time to update WordPress.

Introduction: MySQL […]

© 2013-2017 Cedric Van Bockhaven