XSS in WPML String Translation 2.1.3 (20.05.2015)

WPML is the standard for creating multi-language WordPress sites.
The String Translation plugin allows to translate interface strings directly from within WordPress without having to use .mo files.

Header: x-xss-protection:1; mode=block
WordPress: 4.2.2
WPML String Translation 2.1.3

The vulnerability is an XSS in search field on addon WPML String Translation.


The vulnerabilities were found by Teofil Cojocariu.
The vendor was notified on May 20, 2015 and the patch was released on May 21, 2015 (version 2.1.4).

CoreOS – Docker – Remove all containers and images

Most probably you will need this if you are testing Docker.


Install OSX Yosemite

Continue reading

View open ports without netstat or other tool

Today I wanted to check which ports are open in a CentOS machine, but by default that server do not have netstat or other tool, so I find a workaround for this.

Listen YouTube in CLI / Terminal


Continue reading

© 2015 Teofil Cojocariu

Theme by Anders NorenUp ↑