Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-30 Thread Harry Metcalfe
o not need to justify any amount of time. On Wed, Apr 30, 2014 at 1:50 PM, Harry Metcalfe <ha...@dxw.com> wrote: Hi Illwill, What circumstance would a WordPress admin not usually have this kind of access anyhow? As Dave said, there are var

Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-30 Thread Harry Metcalfe
at is permitted in multiuser mode, or whether this plugin works in multiuser mode or not. -- Harry Metcalfe 07790 559 876 @harrym ___ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archi

[FD] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

2014-03-28 Thread Harry Metcalfe
Details Software: WP HTML Sitemap Version: 1.2 Homepage: http://wordpress.org/plugins/wp-html-sitemap/ CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N) Description CSRF vulnerability in WP HTML Sitemap 1.2 Vulnerability A CSRF vulnerability exists

[FD] XSS, CSRF and blind SQL injection in GD Star Rating 1.9.22 (WordPress plugin)

2014-03-28 Thread Harry Metcalfe
Details Software: GD Star Rating Version: 1.9.22 Homepage: http://wordpress.org/plugins/gd-star-rating/ CVSS: 8.5 (High; AV:N/AC:L/Au:S/C:C/I:N/A:C) Description XSS, CSRF and blind SQL injection in GD Star Rating 1.9.22 Vulnerability This plugin

[FD] End-user exploitable local file inclusion vulnerability in Ajax Pagination (twitter Style) 1.1 (WordPress plugin)

2014-03-28 Thread Harry Metcalfe
Details Software: Ajax Pagination (twitter Style) Version: 1.1 Homepage: http://wordpress.org/plugins/ajax-pagination/ CVSS: 9.3 (High; AV:N/AC:M/Au:N/C:C/I:C/A:C) Description End-user exploitable local file inclusion vulnerability in Ajax Pagination (twitter St