Researcher discovers Zero-Day Vulnerability in WordPress Plugin of Exploit DB
The young security researcher Paulos Yibleo discovered a remote vulnerability in the Offensive Security Exploit-DB community.
The vulnerability occurred in the blog service of the community. The Offensive Security team had installed a WordPress plugin called "wp-rocket". The "wp-rocket" (wp-rocket.me) plugin is well known for its insecure programming methodology.
The remotely exploitable security vulnerability was located in the /wp-content/wprocketfolder/inc/front/process.php application file. The process.php file accepts requests without authorization (pre-auth) that carry $host-controlled inputs.