WordPress - HackerOne Reports
Total Reports: 82
Critical: 4
High: 18
Medium: 31
Low: 19
Stored XSS in Private Message component (BuddyPress)
Reported by: klmunday | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored

Clickjacking on donation page
Reported by: b0d8e6c576cada9bb87be7b | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)

Authenticated Stored Cross-site Scripting in bbPress
Reported by: whoisbinit | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Arbitrary change of blog's background image via CSRF
Reported by: erwan_lr | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

Open API For Username enumeration
Reported by: sameerphad72 | Disclosed: | Severity: Low

PII of users can be downloaded from export pages
Reported by: chip_sec | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Clickjacking - https://mercantile.wordpress.org/
Reported by: giantfire | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)

[Buddypress] Arbitrary File Deletion through bp_avatar_set
Reported by: mopman | Disclosed: | Severity: High

CSRF to add admin [wordpress]
Reported by: abdullah | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

Information / sensitive data disclosure on some endpoints
Reported by: europa | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
Reported by: skansing | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic

[support.wordcamp.org] - publicly accessible .svn repository
Reported by: kazan71p | Disclosed: | Weakness: Improper Access Control - Generic

Open Redirect on the nl.wordpress.net
Reported by: sp1d3rs | Disclosed: | Severity: Low | Weakness: Open Redirect

Clickjacking mercantile.wordpress.org
Reported by: villagelad | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)

WordPress core - Denial of Service via Cross Site Request Forgery
Reported by: spipm | Disclosed: | Weakness: Uncontrolled Resource Consumption

Privilege Escalation via REST API to Administrator leads to RCE
Reported by: hoangkien1020 | Disclosed: | Severity: High | Weakness: Privilege Escalation

antispambot does not always escape <, >, &, " and '
Reported by: flimm | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic

Clickjacking irclogs.wordpress.org
Reported by: sameull | Disclosed: | Weakness: UI Redressing (Clickjacking)

Add users to groups who have restricted group invites
Reported by: yuvraj_dighe | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic

Missing Authorization on Private Message replies (BuddyPress)
Reported by: klmunday | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic
Page 1 of 5