WordPress 3.2.1 exploit

Hi guys! Sorry for my English; you may chat in Russian, I will understand.
I have a problem: I already know the WordPress version, users and a few vulnerabilities/CVE numbers

[+] WordPress version 3.2.1 (Released on 2011-07-12) identified from sitemap generator, links opml
[!] 37 vulnerabilities identified from the version number

[!] Title: WordPress 2.5 - 3.3.1 XSS in swfupload
Reference: WordPress 2.5 - 3.3.1 XSS in swfupload
Reference: Full Disclosure: XSS vulnerability in swfupload in WordPress
Fixed in: 3.3.2

[!] Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
Reference: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
Reference: FireFart/WordpressPingbackPortScanner
Reference: CVE - CVE-2013-0235
Fixed in: 3.5.1

[!] Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
Reference: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
Reference: @ONsec_Lab: WordPress XMLRPC pingback additional issues

[!] Title: WordPress <= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php
Reference: WordPress <= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php
Reference: CVE - CVE-2012-6633
Fixed in: 3.3.3

[!] Title: WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
Reference: WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
Reference: CVE - CVE-2012-6634
Fixed in: 3.3.3

[!] Title: WordPress <= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
Reference: WordPress <= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
Reference: CVE - CVE-2012-6635
Fixed in: 3.3.3

[!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
Reference: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
Reference: WordPress 3.6 URL Redirection ≈ Packet Storm
Reference: Changeset 25323 – WordPress Trac
Reference: Mailing List Archive: URL Redirector Abuse and XSS vulnerabilities in WordPress
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
Reference: https://secunia.com/advisories/54803/
Reference: https://www.exploit-db.com/exploits/28958/
Fixed in: 3.6.1

[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://wpvulndb.com/vulnerabilities/7528
Reference: https://core.trac.wordpress.org/changeset/29384
Reference: https://core.trac.wordpress.org/changeset/29408
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
Fixed in: 3.9.2

[!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
Reference: https://wpvulndb.com/vulnerabilities/7529
Reference: https://core.trac.wordpress.org/changeset/29398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
Fixed in: 3.9.2

[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://klikki.fi/adv/wordpress.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://klikki.fi/adv/wordpress_update.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
Fixed in: 4.0

[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
Reference: https://www.exploit-db.com/exploits/35413/
Reference: https://www.exploit-db.com/exploits/35414/
Fixed in: 4.0.1

[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://www.securityfocus.com/bid/71234/
Reference: https://core.trac.wordpress.org/changeset/30444
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
Fixed in: 4.0.1

[!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8111
Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
Reference: https://klikki.fi/adv/wordpress3.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
Fixed in: 4.2.3

[!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
Reference: https://wpvulndb.com/vulnerabilities/8473
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
Reference: https://wpvulndb.com/vulnerabilities/8474
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
Reference: https://wpvulndb.com/vulnerabilities/8475
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
Fixed in: 4.5

[!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
Reference: https://wpvulndb.com/vulnerabilities/8520
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
Fixed in: 4.5.3

[!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
Reference: https://wpvulndb.com/vulnerabilities/8615
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
Reference: https://sumofpwn.nl/advisory/2016/p...s_due_to_unsafe_processing_of_file_names.html
Reference: http://seclists.org/fulldisclosure/2016/Sep/6
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
Fixed in: 4.6.1

[!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
Reference: https://wpvulndb.com/vulnerabilities/8616
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
Fixed in: 4.6.1

[!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
Reference: https://wpvulndb.com/vulnerabilities/8716
Reference: https://github.com/WordPress/WordPr...bf72d513ca9de66566c2/wp-admin/update-core.php
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
Fixed in: 4.7.1

[!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Reference: https://wpvulndb.com/vulnerabilities/8719
Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
Fixed in: 4.7.1

[!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
Reference: https://wpvulndb.com/vulnerabilities/8720
Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
Fixed in: 4.7.1

[!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Reference: https://wpvulndb.com/vulnerabilities/8721
Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
Fixed in: 4.7.1

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
Reference: https://wpvulndb.com/vulnerabilities/8766
Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
Fixed in: 4.7.3

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
Reference: https://wpvulndb.com/vulnerabilities/8807
Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
Reference: https://core.trac.wordpress.org/ticket/25239
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
Reference: https://wpvulndb.com/vulnerabilities/8815
Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
Reference: https://wpvulndb.com/vulnerabilities/8816
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
Reference: https://wpvulndb.com/vulnerabilities/8818
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
Reference: https://sumofpwn.nl/advisory/2016/c...gery_in_wordpress_connection_information.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
Fixed in: 4.7.5

[!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8905
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
Fixed in: 4.8.2

[!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Reference: https://wpvulndb.com/vulnerabilities/8906
Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://wpvulndb.com/vulnerabilities/8905
Fixed in: 4.7.5

[!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
Reference: https://wpvulndb.com/vulnerabilities/8910
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
Fixed in: 4.8.2

[!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
Reference: https://wpvulndb.com/vulnerabilities/8911
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41457
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
Fixed in: 4.8.2

[!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
Reference: https://wpvulndb.com/vulnerabilities/8941
Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
Fixed in: 4.8.3

[!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
Reference: https://wpvulndb.com/vulnerabilities/8966
Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
Fixed in: 4.9.1

[!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
Reference: https://wpvulndb.com/vulnerabilities/8967
Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
Fixed in: 4.9.1

[!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Reference: https://wpvulndb.com/vulnerabilities/9021
Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
Reference: https://github.com/quitten/doser.py
Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

[!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
Reference: https://wpvulndb.com/vulnerabilities/9100
Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
Reference: https://www.wordfence.com/blog/2018...ion-vulnerability-patched-in-wordpress-4-9-7/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895



So... does somebody know how and which of them can help to brute-force the password or maybe load a backdoor/shell?

Unfortunately, I don't know yet how I should use the CVEs and all of these vulns

Also, Hydra shows me some weird stuff, like admin/admin, but it isn't true
 