New WordPress Vulnerability checks

Posted on

The following new vulnerability checks has been added to WPScans.com: Custom Permalinks <= 1.1 – Authenticated SQL Injection Custom Permalinks <= 1.1 – Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.66 – Cross-Site Scripting (XSS) WP Fastest Cache <= 0.8.7.4 – Blind SQL Injection WooCommerce <= 3.2.3 – Authenticated PHP Object Injection Ninja Forms <= 3.2.13 – Cross-Site Scripting (XSS) Swape Theme – Authentication Bypass and Stored XSS flickrRSS <= 5.3.1 – XSS and CSRF Instagram Feed <= 1.5.1 – Cross-Site Scripting (XSS) Run your free scan at WPScans.com >

WordPress 4.9.2 is now available

Posted on

WordPress 4.9.2 is now available for download. This release is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your sites immediately. We also recommend using WPScans.com to scan your WordPress installation. This release contains a critical security fix for a XSS security bug in the Media Elements library fallback files. Since the fallback files are written in flash and not needed they have been removed from WordPress.

How to sniff WordPress login credentials with Wireshark over an HTTP connection

Posted on

Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2. WordPress, on the other hand, is the most popular content management system in the world, with a significant percentage of its installed base still being administered over HTTP. In this article, we’ll be using Wireshark to sniff and extract WordPress login credentials leaving the local computer. The application we’ll actually use to capture traffic is named Tshark, a command line implementation[…]

New WordPress Vulnerability checks – Week 49

Posted on

WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at wpscans.com

WordPress 4.9.1 Security and Maintenance Update

Posted on

WordPress 4.9.1 has now been released. This update is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your WordPress sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the language attributes used on html elements. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. The security problems has[…]

WordPress 4.8.3 Security Release

Posted on

A new WordPress version was just release. This new version addresses a security problem with the $wpdb->prepare() function. From the release notes: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara. As the above notes says the vulnerability might affect thousands of plugins or themes and Anthony has more technical information on his blog here. WPScans.com has been updated to check for this vulnerability.

WPScans is now available as a Hidden Service on Tor

Posted on

You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:

WordPress Vulnerability Testing with Nmap

Posted on

Nmap is one our favorite tool when it comes to security testing (except for WPSec.com). Nmap was created in 1997 by Gordon Lyon aka Fyodor. The current version 7.60 contains about 580 different NSE-scripts (Nmap Scripting Engine) used for different security checks or information gathering and about six of them are related to WordPress. Our first test is to just use the default options in nmap and see which ports that are open: Btw, we are using the amazing penetration testing Kali Linux distro. The above screenshot shows that there is a webserver, ssh server and MySQL listening on the network. Exposing MySQL to the network is not really safe, it’s not the target this time. The following Nmap NSE scripts are directly related to WordPress:[…]

New WordPress vulnerability checks week 40

Posted on

The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – Backdoored Pinfinity Theme <= 1.9.2 – Reflected Cross-site Scripting (XSS) SmokeSignal <= 1.2.6 – Authenticated Stored XSS WP Like Post <= 1.5.2 – Authenticated SQL Injection SQL Shortcode <= 1.1 – Authenticated SQL Execution WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection Responsive Image Gallery, Gallery Album <= 1.2.0 – Authenticated SQL Injection VaultPress 1.89-1.9 – Unauthenticated RCE Content Audit <= 1.9.1 – Cross-Site Scripting (XSS)[…]