Nuchaz / BiblioCraft


WPScan Vulnerability #705

Open six6out opened 4 years ago

six6out commented 4 years ago

Hey!

I use a penetration-testing tool called WPScan (Kali Linux). WPScan returns 3 vulnerabilities for your WordPress site:

```
Title: bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
    Fixed in: 2.5.9
    References:
     - https://wpvulndb.com/vulnerabilities/8484
     - https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
     - https://bbpress.org/blog/2016/05/bbpress-2-5-9/

[!] Title: bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-Site Scripting (XSS)
    Fixed in: 2.5.10
    References:
     - https://wpvulndb.com/vulnerabilities/8555
     - https://wptavern.com/bbpress-2-5-10-patches-security-vulnerability
     - https://bbpress.org/blog/2016/07/bbpress-2-5-10-security-release/
     - https://plugins.trac.wordpress.org/changeset/1454184/bbpress

[!] Title: bbPress <= 2.5.12 - Unauthenticated SQL Injection
    Fixed in: 2.5.13
    References:
     - https://wpvulndb.com/vulnerabilities/8958
     - https://blog.sucuri.net/2017/11/sql-injection-bbpress.html
     - https://hackerone.com/reports/179920
```

Just wanted to let you know. Security is a big asset in web development and hacking has been getting good these days.

EDIT: bbPress is one of the only WordPress forum plugins. You can embed Discourse in a WordPress server instead of bbPress.

I find great potential in this project and believe it should have a good site.

Thanks,
JavaSight (formerly lunatic-coding)
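An added example, not code from the issue or from the BiblioCraft project: it parses WPScan findings in the layout pasted above (`Title:` / `Fixed in:` / `References:` lines, with or without the `[!]` and `|` prefixes) and reports which findings still apply to a given installed bbPress version, so a site owner can see the minimum version to upgrade to. The scan text below is a constructed sample modelled on the three findings in the report.

```python
from dataclasses import dataclass, field

# Constructed sample modelled on the WPScan findings quoted in the issue.
SAMPLE_SCAN = """\
[!] Title: bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
 |  Fixed in: 2.5.9
 |  References:
 |   - https://wpvulndb.com/vulnerabilities/8484
[!] Title: bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-Site Scripting (XSS)
 |  Fixed in: 2.5.10
 |  References:
 |   - https://wpvulndb.com/vulnerabilities/8555
[!] Title: bbPress <= 2.5.12 - Unauthenticated SQL Injection
 |  Fixed in: 2.5.13
 |  References:
 |   - https://wpvulndb.com/vulnerabilities/8958
"""

@dataclass
class Finding:
    title: str
    fixed_in: str = ""
    references: list = field(default_factory=list)

def version_tuple(version):
    # "2.5.13" -> (2, 5, 13) so that comparisons are numeric, not lexical.
    return tuple(int(part) for part in version.split("."))

def parse_wpscan(text):
    """Extract Title / Fixed in / reference URLs from WPScan's tree-style output."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("|").strip()      # drop the '|' continuation marker
        if line.startswith("[!] Title:") or line.startswith("Title:"):
            findings.append(Finding(title=line.split("Title:", 1)[1].strip()))
        elif line.startswith("Fixed in:") and findings:
            findings[-1].fixed_in = line.split(":", 1)[1].strip()
        elif line.startswith("- http") and findings:
            findings[-1].references.append(line[2:].strip())
    return findings

def affected(findings, installed):
    """Findings whose fix version is newer than the installed plugin version."""
    current = version_tuple(installed)
    return [f for f in findings if f.fixed_in and version_tuple(f.fixed_in) > current]

def minimum_safe_version(findings):
    """Lowest version that closes every finding with a known fix."""
    return max((f.fixed_in for f in findings if f.fixed_in), key=version_tuple)
```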

six6out commented 4 years ago

Stats for both of my issues can be found in a report:

https://javasight.github.io/hackdb/hackdb/analysis/kali/bibliocraftmod/2020-04-05

This is the newest statpage as of the writing of this comment.