File Manager [Authenticated Arbitrary File Download]

11 Jan 2020

WordPress plugin File Manager doesn’t implement security checks when performing specific actions, thus leading to a Local File Disclosure vulnerability.

WordPress Plugins Authenticated Arbitrary File Download Local File Inclusion LFI

Quick Page/Post Redirect Plugin [Unvalidated Redirects and Forwards]

20 Dec 2019

Quick Page/Post Redirect Plugin suffers from a Unvalidated Redirects and Forwards vulnerability through Privilege Escalation.

WordPress Plugins Unvalidated Redirects and Forwards

Subscribe2 [Sensitive Data Exposure]

17 Jun 2019
WordPress Plugins Sensitive Data Exposure

Gallery – Flagallery Photo Portfolio [CSRF → File Upload]

25 May 2019

Gallery – Flagallery Photo Portfolio WordPress plugin suffers from a CSRF vulnerability that could lead to arbitrary file uploads.

WordPress Plugins CSRF

Form Maker by WD [CSRF → LFI]

17 Mar 2019

Multiple CSRF issues in Form Maker by WD WordPress plugin.

WordPress Plugins CSRF