WordPress Advanced Ticket System < 1.0.64 — Authenticated Stored XSS in Ticket Metadata

Introduction While reviewing help-desk and ticketing plugins for WordPress, I focused on how user-supplied ticket metadata is validated before being stored and rendered. These flows often accept m...

Oct 1, 2021 Infosec, CVE

WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622)

Introduction I set out to review helpdesk/ticketing plugins that are frequently installed in intranets and customer portals—places where strict role boundaries exist and unfiltered_html is commonly...

Oct 1, 2021 Infosec, CVE

WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code'

Introduction While reviewing WordPress learning-management plugins, I focused on inputs that render inside lesson or course pages—especially fields intended for HTML or embeds. These areas often re...

Oct 1, 2021 Infosec, CVE

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

Introduction I was reviewing appointment-booking plugins to check how they render merchant-defined data back into admin/listing views. Fields like “service name,” “duration,” and “price” often look...

Oct 1, 2021 Infosec, CVE

[English] OSCP Certification Exam Experience

Update: Since 2022, Offensive Security (OffSec) updated the PEN-200 materials by adding Active Directory content and removing Buffer Overflow (BoF) from the exam, so some suggestions in this post a...

Aug 27, 2021 Infosec, Certification

1
...
3
4
5
4 / 5

WordPress Advanced Ticket System < 1.0.64 — Authenticated Stored XSS in Ticket Metadata

WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622)

WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code'

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

[English] OSCP Certification Exam Experience

Trending Tags