Vulnerabilities

In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.

Drag and Drop Multiple File Upload – Contact Form 7 by CodeDropz WordPress plugin Non-Arbitrary File Upload

The plugin was affected by a Non-Arbitrary File Upload and CSRF security vulnerabilities. The two vulnerabilities allow us to upload files to the server, even with a script. Note: only limited file types can be uploaded.

OAuth Single Sign On – SSO (OAuth Client) by miniOrange WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s website. Note: The plugin was affected by Broken Access Control vulnerability too. There are a lot of vulnerabilities and bugs in the code. But the analysis only deals with Auth Bypass because it is the most serious vulnerability. Note: To exploit the vulnerability, we need to log in with a user with any role.

OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) by securiseweb WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrative role on the client’s website. Note: The plugin was affected by Broken Access Control and Cross-Site Request Forgery (CSRF) vulnerabilities too. There are a lot of vulnerabilities and bugs in the code. But the analysis only deals with Auth Bypass because it is the most serious vulnerability.

ProfileGrid by Metagauss WordPress plugin Multiple Vulnerabilities

The plugin was affected by Broken Access Control and Cross-Site Request Forgery (CSRF) vulnerabilities. The plugin creates a frontend user profile, groups, communities and messenger. However, the messenger is vulnerable because there is no user authentication, so the vulnerability allows us to list and modify other users’ messages.

OAuth 2.0 client for SSO by miniOrange WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrative role on the client’s website.