g0blin Research

The default installation of ‘Grand Flagallery’ plugin for WordPress contains a file which, if invalid input is provided to it, results in a full path disclosure of the web root.

The Profile Builder plugin for WordPress suffers from a Reflected XSS attack on a file which is included by the default plugin installation, named ‘assets/misc/fallback-page.php?’. The following QSAs are vulnerable: site_name, message, site_url

Due to exposing two AJAX functions to anonymous users by using the ‘nopriv’ method of adding AJAX actions, anonymous users are able to insert new forms, and edit the content of existing forms. Utilizing either of these methods can result in a...

Due to exposing an AJAX function to anonymous users by using the ‘nopriv’ method of adding an AJAX action, anonymous users are able to insert arbitrary HTML / Javascript onto the site globally.

The output of an un-sanitized QSA string allows injection of arbitrary content on the WordPress admin panel. Quotes are escaped with slashes before being output, so the attacker must take this in to account when generating a payload.

Due to exposing an AJAX function to anonymous users by using the ‘nopriv’ method of adding an AJAX action, anonymous users are able to insert arbitrary HTML / Javascript onto the site globally.

Due to exposing an AJAX function to anonymous users by using the ‘nopriv’ method of adding an AJAX action, anonymous users are able to insert arbitrary HTML / Javascript onto the site globally.

While doing some digging about for various trivial vulnerabilities in WordPress plugins, I came across a file which was included in a number of plugins. This file appears to be part of a WordPress themes and plugin framework called ‘redux-framework’,...

The Titan Framework contains a file in its repository which is distributed with the version obtained from ‘wordpress.org’, named ‘iframe-googlefont-preview.php’. The intention of this file is to allow users to preview fonts included from the Google...