Skip to main content

WordPress Common Issue Notes

 WordPress:


/wp-content/plugins/sfwd-lms/wpml-config.xml


/wp-content/plugins/omni-secure-files/plupload/examples/upload.php


/wp-content/plugins/contus-hd-flv-player/uploadVideo.php


wp-json/th/v1/user_generation


/wp-admin/admin-ajax.php?do_reset_wordpress=1



Wordpress xmlrpc.php -common vulnerabilites & how to exploit them


https://medium.com/@the.bilal.rizwan/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32

Comments

Post a Comment

Popular posts from this blog

Electron JS Security Checklist

Electron Js Security Checklist Disable nodeIntegration for untrusted origins/Do-not Enable Node-Integration Risk  If enabled, nodeIntegration allows JavaScript to leverage Node.js primitives and modules. This could lead to full remote system compromise if you are rendering untrusted content. Auditing nodeIntegration and nodeIntegrationInWorker are boolean options that can be used to determine whether node integration is enabled.  Auditing For BrowserWindow, default is true. If the option is not present, or is set to true/1, nodeIntegration is enabled as in the following examples:  mainWindow = new BrowserWindow({ "webPreferences": { "nodeIntegration": true, “nodeIntegrationInWorker": 1 } });  Or simply:  mainWindow = new BrowserWindow() For webview tag, default is false.  When this attribute is present, the guest page in webview will have node integration: When sanbox is enabled (see below), nodeintegration is disabled. Please note ...
Post a Comment
Read more

CIA TRIAD

  CIA TRIAD Confidentiality Confidentiality ensures that sensitive information is only available to people who are authorized to access it . Security Controls for confidentiality data protection : Encryption   -> Encrypting data with latest encryption mechanism Access Control -> LDAP, Managed permission   Steganography -> Hiding data within data , obscuring the data Causes of Un-Intentional data disclosure : Human Error Oversight Ineptitude Violation of Confidentiality Attacks: Capturing network traffic Stealing password files Social Engineering Port Scanning Shoulder Surfing   Eavesdropping - Also known as sniffing or snooping attack , secretly listening   Escalation of privileges Countermeasures to ensure confidentiality: Encryption Network traffic paddling   Rigorous access controls   Strict Authentication process   Data classification Personnel Training   Integrity Integrity refers to prevention of un-authorized alterations to th...
Post a Comment
Read more