WordPress - HackerOne Reports
Total Reports: 82
Critical: 4
High: 18
Medium: 31
Low: 19
Reflected Swf XSS In ( plugins.svn.wordpress.org )
Reported by: m7mdharoun | Disclosed:
Medium
Stored XSS in WordPress
Reported by: abdullah | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Authenticated Cross-site Scripting in Template Name
Reported by: zurke | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored xss via template injection
Reported by: morningstar | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection
Reported by: ysx | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Clickjacking wordcamp.org
Reported by: hasanexpert | Disclosed:
Low
Weakness: UI Redressing (Clickjacking)
Stored self-XSS in mercantile.wordpress.org checkout
Reported by: eidelweiss | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
Reported by: yzy9951 | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Previously created sessions continue being valid after 2FA activation
Reported by: tanvir0x | Disclosed:
Low
Weakness: Improper Access Control - Generic
Stored XSS on Broken Themes via filename
Reported by: apapedulimu | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Account takeover vulnerability by editor role privileged users/attackers via clickjacking
Reported by: rewanth_cool | Disclosed:
High
Weakness: UI Redressing (Clickjacking)
MediaElements XSS
Reported by: shay12tg | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
Arbitrary file deletion in wp-core - guides towards RCE and information disclosure
Reported by: b258ea62bf297b02afa9854 | Disclosed:
Critical
Weakness: Path Traversal
code.wordpress.net subdomain Takeover
Reported by: sniperpex | Disclosed:
Medium
Stored XSS Vulnerability
Reported by: ali | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Content Spoofing @ https://irclogs.wordpress.org/
Reported by: hackerwahab | Disclosed:
Low
Weakness: Improper Access Control - Generic
RCE as Admin defeats WordPress hardening and file permissions
Reported by: simonscannell | Disclosed:
Critical
Weakness: Path Traversal
Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter
Reported by: jon_bottarini | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Stored but [SELF] XSS in mercantile.wordpress.org
Reported by: codertom | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Missing SSL can leak job token
Reported by: c0rte | Disclosed:
Low
Weakness: Cleartext Transmission of Sensitive Information