Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Ian Dunn - HackerOne Reports

View on HackerOne

33

Total Reports

0

Critical

2

High

5

Medium

3

Low

Potential Open-Redirection

Reported by: damn007 | Disclosed:

Weakness: Open Redirect

HTML injection-WordCamp Talks plugin

Reported by: paresh_parmar | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Generic

Path Disclosure Vulnerability

Reported by: jamalcom | Disclosed:

Weakness: Information Disclosure

CSV Injection at Camptix Event Ticketing

Reported by: thezawad | Disclosed:

Weakness: Command Injection - Generic

Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

Reported by: ryotak | Disclosed:

High

[Not just a server configuration issue] Full Path Disclosure

Reported by: ahsan | Disclosed:

Weakness: Information Disclosure

Brute force on wp-login

Reported by: proxynwh | Disclosed:

Weakness: Violation of Secure Design Principles

SSL certificate public key less than 2048 bit

Reported by: proxynwh | Disclosed:

Weakness: Cryptographic Issues - Generic

xmlrpc.php FILE IS enable on Main website

Reported by: tibin_sunny | Disclosed:

Weakness: Violation of Secure Design Principles

XSS in Tagregator plugin

Reported by: dia2diab | Disclosed:

Weakness: Cross-site Scripting (XSS) - Generic

CSV Injection in Camptix

Reported by: grande | Disclosed:

Low

Weakness: Command Injection - Generic

Multiple XSS in Camptix Event Ticketing Plugin

Reported by: thezawad | Disclosed:

Weakness: Cross-site Scripting (XSS) - Generic

Google Authenticator - Cross Site Scripting

Reported by: iamsha4yan | Disclosed:

Weakness: Cross-site Scripting (XSS) - Generic

Google Authenticator0.6 - PHP Version Dosclosure

Reported by: iamsha4yan | Disclosed:

Weakness: Information Disclosure

All Plugins - Direct file access to plugin files Vulnerability

Reported by: iamsha4yan | Disclosed:

Weakness: Improper Authentication - Generic

xmlrpc.php FILE IS enable it can be used for conducting a Bruteforce attack and Denial of Service(DoS)

Reported by: shrimant_yogi | Disclosed:

Weakness: Uncontrolled Resource Consumption

No CAPTCHA ia exist in pages

Reported by: ravenbugbounty | Disclosed:

Weakness: Violation of Secure Design Principles

SSRF Possible through /wordpress/xmlrpc.php

Reported by: azzassin | Disclosed:

Weakness: Server-Side Request Forgery (SSRF)

Security issue: Github repo's wiki publicly editable

Reported by: whitehat_hacker | Disclosed:

Weakness: Improper Access Control - Generic

stored SELF xss on Basic Google Maps Placemarks Settings plugin

Reported by: b6117130df17feef13481e3 | Disclosed:

Weakness: Cross-site Scripting (XSS) - Generic

Page 1 of 2 Next