TOPWORDPRESS.md

Top reports from WordPress program at HackerOne:

  1. Stored XSS Vulnerability to WordPress - 393 upvotes, $500
  2. Stored XSS in Private Message component (BuddyPress) to WordPress - 331 upvotes, $500
  3. RCE as Admin defeats WordPress hardening and file permissions to WordPress - 158 upvotes, $800
  4. Stored XSS on buddypress Plug-in via groups name to WordPress - 131 upvotes, $450
  5. Wordpress unzip_file path traversal to WordPress - 113 upvotes, $800
  6. Reflected XSS on https://make.wordpress.org via 'channel' parameter to WordPress - 95 upvotes, $387
  7. CSRF to HTML Injection in Comments to WordPress - 94 upvotes, $950
  8. Clickjacking on donation page to WordPress - 88 upvotes, $50
  9. Privilege Escalation via REST API to Administrator leads to RCE to WordPress - 86 upvotes, $1125
  10. Potential unprivileged Stored XSS through wp_targeted_link_rel to WordPress - 80 upvotes, $650
  11. Missing Authorization on Private Message replies (BuddyPress) to WordPress - 63 upvotes, $375
  12. plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled to WordPress - 55 upvotes, $150
  13. Authenticated XXE to WordPress - 39 upvotes, $600
  14. Multiple stored XSS in WordPress to WordPress - 35 upvotes, $1200
  15. "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons to WordPress - 34 upvotes, $350
  16. Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce to WordPress - 33 upvotes, $900
  17. Add users to groups who have restricted group invites to WordPress - 29 upvotes, $275
  18. [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection to WordPress - 28 upvotes, $300
  19. Information / sensitive data disclosure on some endpoints to WordPress - 28 upvotes, $0
  20. Stored XSS on Broken Themes via filename to WordPress - 24 upvotes, $300
  21. Authenticated Stored Cross-site Scripting in bbPress to WordPress - 24 upvotes, $225
  22. Open API For Username enumeration to WordPress - 24 upvotes, $0
  23. Wordpress 4.7.2 - Two XSS in Media Upload when file too large. to WordPress - 23 upvotes, $350
  24. XSS via unicode characters in upload filename to WordPress - 22 upvotes, $600
  25. Reflected Swf XSS In ( plugins.svn.wordpress.org ) to WordPress - 21 upvotes, $350
  26. DOM Based XSS In mercantile.wordpress.org to WordPress - 21 upvotes, $275
  27. Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth to WordPress - 20 upvotes, $750
  28. [FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II to WordPress - 20 upvotes, $650
  29. Content Spoofing @ https://irclogs.wordpress.org/ to WordPress - 20 upvotes, $0
  30. Infrastructure - Photon - SSRF to WordPress - 19 upvotes, $350
  31. Arbitrary change of blog's background image via CSRF to WordPress - 19 upvotes, $350
  32. XSS in the search bar of mercantile.wordpress.org to WordPress - 18 upvotes, $275
  33. WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure to WordPress - 17 upvotes, $0
  34. Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter to WordPress - 16 upvotes, $387
  35. Arbitrary file deletion in wp-core - guides towards RCE and information disclosure to WordPress - 16 upvotes, $0
  36. CSRF to add admin [wordpress] to WordPress - 15 upvotes, $1337
  37. Authenticated Cross-site Scripting in Template Name to WordPress - 15 upvotes, $350
  38. Reflected XSS: Taxonomy Converter via tax parameter to WordPress - 15 upvotes, $275
  39. Clickjacking In jobs.wordpress.net to WordPress - 15 upvotes, $0
  40. Stored self-XSS in mercantile.wordpress.org checkout to WordPress - 14 upvotes, $275
  41. Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. to WordPress - 14 upvotes, $275
  42. Open Redirect on the nl.wordpress.net to WordPress - 14 upvotes, $50
  43. Clickjacking wordcamp.org to WordPress - 14 upvotes, $0
  44. Stored XSS in Post Preview as Contributor to WordPress - 13 upvotes, $650
  45. [mercantile.wordpress.org] Reflected XSS to WordPress - 13 upvotes, $225
  46. Missing SSL can leak job token to WordPress - 12 upvotes, $0
  47. pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment to WordPress - 11 upvotes, $650
  48. Clickjacking mercantile.wordpress.org to WordPress - 11 upvotes, $0
  49. Stored xss via template injection to WordPress - 10 upvotes, $300
  50. xss - reflected to WordPress - 10 upvotes, $50
  51. [support.wordcamp.org] - publicly accessible .svn repository to WordPress - 10 upvotes, $0
  52. MediaElements XSS to WordPress - 9 upvotes, $450
  53. Lack of Sanitization and Insufficient Authentication to WordPress - 9 upvotes, $300
  54. code.wordpress.net subdomain Takeover to WordPress - 9 upvotes, $25
  55. Stored XSS on Wordpress 5.3 via Title Post to WordPress - 9 upvotes, $0
  56. [Buddypress] Arbitrary File Deletion through bp_avatar_set to WordPress - 8 upvotes, $350
  57. XSS on support.wordcamp.org in ajax-quote.php to WordPress - 8 upvotes, $225
  58. Allow authenticated users can edit, trash, and add new in BuddyPress Emails function to WordPress - 8 upvotes, $225
  59. Stored but [SELF] XSS in mercantile.wordpress.org to WordPress - 8 upvotes, $150
  60. Self-XSS in WordPress Editor Link Modal to WordPress - 8 upvotes, $150
  61. Clickjacking - https://mercantile.wordpress.org/ to WordPress - 8 upvotes, $0
  62. [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint to WordPress - 7 upvotes, $275
  63. Lack of Password Confirmation when Changing Password and Email to WordPress - 7 upvotes, $0
  64. WordPress core - Denial of Service via Cross Site Request Forgery to WordPress - 6 upvotes, $250
  65. Account takeover vulnerability by editor role privileged users/attackers via clickjacking to WordPress - 6 upvotes, $0
  66. Parameter tampering : Price Manipulation of Products to WordPress - 6 upvotes, $0
  67. Unauthenticated hidden groups disclosure via Ajax groups search to WordPress - 5 upvotes, $275
  68. CSRF in Profile Fields allows deleting any field in BuddyPress to WordPress - 5 upvotes, $225
  69. Improper Access Control in Buddypress core allows reply,delete any user's activity to WordPress - 4 upvotes, $225
  70. Administrator(s) Information disclosure via JSON on wordpress.org to WordPress - 4 upvotes, $0
  71. Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general to WordPress - 4 upvotes, $0
  72. Privilege Escalation in BuddyPress core allows Moderate to Administrator to WordPress - 3 upvotes, $225
  73. Stored XSS in WordPress to WordPress - 3 upvotes, $0
  74. antispambot does not always escape <, >, &, " and ' to WordPress - 3 upvotes, $0
  75. CSRF on comment post to WordPress - 3 upvotes, $0
  76. Clickjacking irclogs.wordpress.org to WordPress - 2 upvotes, $0
  77. WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server to WordPress - 2 upvotes, $0
  78. UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure to WordPress - 0 upvotes, $0