XSS in WPML String Translation 2.1.3 (20.05.2015)

Intro
WPML is the standard for creating multi-language WordPress sites.
The String Translation plugin lets you translate interface strings directly from within WordPress without having to use .mo files.
https://wpml.org/documentation/wpml-core-and-add-on-plugins/

Info
Header: x-xss-protection:1; mode=block
WordPress: 4.2.2
WPML: 3.1.9.6
WPML String Translation: 2.1.3

Vulnerability
The vulnerability is an XSS in the search field of the WPML String Translation add-on.


Credits
The vulnerabilities were found by Teofil Cojocariu.
The vendor was notified on May 20, 2015 and the patch was released on May 21, 2015 (version 2.1.4).

CoreOS – Docker – Remove all containers and images

Most probably you will need this if you are testing Docker.

 

Install OSX Yosemite


View open ports without netstat or other tool

Today I wanted to check which ports are open on a CentOS machine, but by default that server does not have netstat or another tool, so I found a workaround for this.

Listen YouTube in CLI / Terminal

 


© 2015 Teofil Cojocariu
