- Summary: User Enumeration via logon method. A different message will display based on correct/incorrect entry of a username and password which can lead to a disclosure of account names.
- Vulnerability types: Credential Theft/Discovery
- Tested in version: 4.1.0
- Fixed in version: 4.4 (can install plugin to mitigate)
- GIF Walkthrough:
- Steps to recreate: Go to the login page of the WordPress and test out different usernames. Test common entries such as "admin" or "administrator" and you may get a message saying that the username is not found or that the password for the guessed username is incorrect, thus landing you a potential access point.
- Affected source code: https://github.com/WordPress/WordPress
- - Link 1
- Summary: Using XSS, one can inject malicious JavaScript through a YouTube URL.
- Vulnerability types: Cross-Site Scripting (XSS)
- Tested in version: 4.1.0
- Fixed in version: 4.7.3
- GIF Walkthrough:
- Steps to recreate: Create malicious payload through a YouTube URL. Example:
[embed src='https://youtube.com/embed/12345\x3csvg onload=alert(1)\x3e'][/embed] - Affected source code: https://github.com/WordPress/WordPress
- Link 1
- Summary: Creating a post with a simple HTML onclick insertion grants an alert which signifies that we can perform malicious input through the discussion posts on the WordPress blog.
- Vulnerability types: Cross-Site Scripting (XSS)
- Tested in version: 4.1.0
- Fixed in version: 4.2.4
- GIF Walkthrough:
- Steps to recreate: Create a malicious event handler using a method such as HTML with an onclick element to test if you are able to create an alert. An example would be
<html onclick="alert(1)" style=display:block>test</html> - Affected source code: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/theme.php
- Link 1