WPScan

WordPress Vulnerability Database

I try to help keep the internet safer by investigating security issues in Open Source code.

These are my findings for WPScan, one of the most used WordPress vulnerability scanners and part of the Kali Linux distribution.

  • WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF (CVE-2021-24832) [Details]
  • Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access (CVE-2021-24851) [Details]
  • Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting (CVE-2021-24850) [Details]
  • About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting (CVE-2021-24745) [Details]
  • Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting (CVE-2021-24871) [Details]
  • Get Custom Field Values < 4.0 - Contributors+ Arbitrary Metadata Access (CVE-2021-24872) [Details]
  • Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF (CVE-2021-24780) [Details]
  • WP Limits <= 1.0 - Plugin's Settings Update via CSRF (CVE-2021-24818) [Details]
  • Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts Access (CVE-2021-24819) [Details]
  • Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts Access (CVE-2021-24845) [Details]
  • Display Post Metadata <= 1.4.0 - Contributor+ Stored Cross-Site Scripting (CVE-2021-24855) [Details]
  • User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized User Meta Access (CVE-2021-24859) [Details]

10+ waiting for disclosure