Recent Posts

WP Whois Domain Reflected XSS

less than 1 minute read

Due to a lack of CSRF mitigation and entity encoding in pages/func-whois.php, it is possible to execute scripts in the context of an admin user by including ...

Lightbox <= 1.6.6 CSRF Stored XSS

1 minute read

Due to a lack of CSRF mitigation and entity encoding in the output generated by /admin/view/huge_it_light_box.php, it is possible to store and execute script...

Portfolio <= 2.1.10 Reflected XSS Disclosure

less than 1 minute read

Due to a lack of CSRF mitigation and entity encoding in the portfolio_gallery_print_html_nav function found on line 276 of /includes/admin/portfolio-gallery-...