Cross-Site Scripting vulnerability in ColorWay WordPress Theme

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_colorway_wordpress_theme.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Cross-Site Scripting in Code Snippets WordPress Plugin

/cross_site_scripting_in_code_snippets_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting in Contact Form to Email WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_contact_form_to_email_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular

Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP

ails https://sumofpwn.nl/advisory/2016/insert_php_wordpress_plugin_allows_authenticated_user_to_execute_arbitrary_php.html ---- Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its

SQL injection vulnerability in Booking Calendar WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/sql_injection_vulnerability_in_booking_calendar_wordpress_plugin.html Summer of Pwnage (https

Cross-Site Scripting in Contact Bank WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_contact_bank_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_booking_calendar_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin

https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_easy_testimonials_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA

nl/advisory/2016/multiple_vulnerabilities_in_all_in_one_wp_security___firewall_plugin_login_captcha.html ---- Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely u

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_alo_easymail_newsletter_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security

Cross-Site Scripting in Activity Log WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_activity_log_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Cross-Site Scripting in WordPress Landing Pages Plugin

/2016/cross_site_scripting_in_wordpress_landing_pages_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun

Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_search_function_activity_log_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community

Persistent Cross-Site Scripting in WordPress Activity Log plugin

/persistent_cross_site_scripting_in_wordpress_activity_log_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_simple_membership_wordpress_plugin.html Summer of Pwnage (https

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_google_forms_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_wp_no_external_links_wordpress_plugin.html Summer of Pwnage

Multiple SQL injection vulnerabilities in WordPress Video Player

n.nl/advisory/2016/multiple_sql_injection_vulnerabilities_in_wordpress_video_player.html ---- Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used

Cross-Site Request Forgery in Icegram WordPress Plugin

sory/2016/cross_site_request_forgery_in_icegram_wordpress_plugin.html ---- Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin

://sumofpwn.nl/advisory/2016/multiple_cross_site_scripting_vulnerabilities_in_ninja_forms_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security

Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_master_slider_wordpress_plugin.html Summer of Pwnage (https

Cross-Site Scripting vulnerability in Email Users WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_email_users_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

WP Fastest Cache Member Local File Inclusion vulnerability

://sumofpwn.nl/advisory/2016/wp_fastest_cache_member_local_file_inclusion_vulnerability.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used

Easy Forms for MailChimp Local File Inclusion vulnerability

https://sumofpwn.nl/advisory/2016/easy_forms_for_mailchimp_local_file_inclusion_vulnerability.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin David Vaartjes, July 2016

Persistent Cross-Site Scripting in WP Live Chat Support plugin

https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_wp_live_chat_support_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community

Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability

https://sumofpwn.nl/advisory/2016/ecwid_ecommerce_shopping_cart_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_count_per_day_wordpress_plugin.html Summer of Pwnage

Cross-Site Scripting in FormBuilder WordPress Plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting in Count per Day WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_count_per_day_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin

. Details https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_events_made_easy_wordpress_plugin.html Summer of Pwnage

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_vulnerability_in_add_from_server_wordpress_plugin.html Summer of Pwnage (https

Cross-Site Scripting in Uji Countdown WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_uji_countdown_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Cross-Site Scripting in WangGuard WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_wangguard_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin

. Details https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_photo_gallery_wordpress_plugin.html Summer of Pwnage (https

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images

/cross_site_request_forgery_in_photo_gallery_wordpress_plugin_allows_deleting_of_images.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin

/cross_site_scripting_cross_site_request_forgery_in_peter_s_login_redirect_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images

/cross_site_request_forgery_in_photo_gallery_wordpress_plugin_allows_adding_of_images.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries

/cross_site_request_forgery_in_photo_gallery_wordpress_plugin_allows_deleting_of_galleries.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_google_maps_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_vulnerability_in_email_users_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project

Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin

https://sumofpwn.nl/advisory/2016/multiple_blind_sql_injection_vulnerabilities_in_formbuilder_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl

Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability

/google_forms_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun

Cross-Site Scripting in Link Library WordPress Plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin

https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_magic_fields_1_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin

https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_magic_fields_2_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Ajax Load More Local File Inclusion vulnerability

/advisory/2016/ajax_load_more_local_file_inclusion_vulnerability.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun

Path traversal vulnerability in WordPress Core Ajax handlers

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting in Calendar WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_calendar_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_quotes_collection_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin

://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_wassup_real_time_analytics_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security

Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_huge_it_portfolio_gallery_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch

Cross-Site Scripting in Check Email WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_check_email_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin

https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_in_wp_canvas___shortcodes_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl

WordPress audio playlist functionality is affected by Cross-Site Scripting

/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS

Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability

://sumofpwn.nl/advisory/2016/analytics_stats_counter_statistics_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute

Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field

Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field Burak Kelebek, July 2016

Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting

/admin_custom_login_wordpress_plugin_custom_login_page_affected_by_persistent_cross_site_scripting.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Request Forgery in File Manager WordPress plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Request Forgery in Global Content Blocks WordPress Plugin

://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_global_content_blocks_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular

Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin

/cross_site_scripting_vulnerability_in_gwolle_guestbook_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Persistent Cross-Site Scripting in the WordPress NewStatPress plugin

Details https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_the_wordpress_newstatpress_plugin.html Summer of Pwnage (https

Cross-Site Request Forgery in WordPress Download Manager Plugin

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Request Forgery in Atahualpa WordPress Theme

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.

Cross-Site Scripting in Magic Fields 1 WordPress Plugin

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_magic_fields_1_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal

Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin

/2016/stored_cross_site_scripting_vulnerability_in_user_login_log_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS

Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin

ttps://sumofpwn.nl/advisory/2016/cross_site_request_forgery___cross_site_scripting_in_contact_form_manager_wordpress_plugin.html ---- Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the secu

Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin

https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_contact_form_wordpress_plugin.html Summer of Pwnage (https://sumofpwn.nl

Broken TLS certificate pinning in VTech DigiGo Kid Connect app

Broken TLS certificate pinning in VTech DigiGo Kid Connect app Sipke Mellema, September 2017

Seagate Media Server allows deleting of arbitrary files and folders

Seagate Media Server allows deleting of arbitrary files and folders Yorick Koster, September 2017

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Sipke Mellema, September 2017

Broken TLS certificate validation in VTech DigiGo browser

Broken TLS certificate validation in VTech DigiGo browser Sipke Mellema, September 2017

Seagate Media Server multiple SQL injection vulnerabilities

Seagate Media Server multiple SQL injection vulnerabilities Yorick Koster, September 2017

Seagate Media Server stored Cross-Site Scripting vulnerability

Seagate Media Server stored Cross-Site Scripting vulnerability Yorick Koster, September 2017

Seagate Media Server path traversal vulnerability

Seagate Media Server path traversal vulnerability Yorick Koster, September 2017

Seagate Personal Cloud multiple information disclosure vulnerabilities

Seagate Personal Cloud multiple information disclosure vulnerabilities Yorick Koster, September 2017