WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622)

Introduction I set out to review helpdesk/ticketing plugins that are frequently installed in intranets and customer portals—places where strict role boundaries exist and unfiltered_html is commonly...

Oct 1, 2021 Infosec, CVE, Research

WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code'

Introduction While reviewing WordPress learning-management plugins, I focused on inputs that render inside lesson or course pages—especially fields intended for HTML or embeds. These areas often re...

Oct 1, 2021 Infosec, CVE, Research

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

Introduction I was reviewing appointment-booking plugins to check how they render merchant-defined data back into admin/listing views. Fields like “service name,” “duration,” and “price” often look...

Oct 1, 2021 Infosec, CVE, Research

[English] OSCP Certification Exam Experience

Update: Since 2022, Offensive Security (OffSec) updated the PEN-200 materials by adding Active Directory content and removing Buffer Overflow (BoF) from the exam, so some suggestions in this post a...

Aug 27, 2021 Infosec, Certification

[Bahasa] Pengalaman Ujian Sertifikasi OSCP

Update: Semenjak tahun 2022, Offensive Security (OffSec) melakukan update terhadap materi PEN-200 dengan menambahkan materi Active Directory dan menghapus Buffer Overflow (BoF) pada exam, sehingga ...

Aug 27, 2021 Infosec, Certification

1
2
3
4
4 / 4

WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622)

WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code'

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

[English] OSCP Certification Exam Experience

[Bahasa] Pengalaman Ujian Sertifikasi OSCP

Trending Tags