WordPress Hütte

Just another blog about WordPress security

Avada 5.1.4 stored XSS and CSRF

The Avada theme currently has the most sales on ThemeForest.net, with more than 300.000 sales, and they market themselves using the following lines: "The #1 Selling Theme on the market for 4+ years" and "#1 selling theme of all time". Being the best-selling WP theme, however, does not make…

Layer Slider 6.2.0 CSRF to XSS to SQLi with POC

The LayerSlider v6.2.0 suffers from multiple vulnerabilities: Cross-site Request Forgery, a.k.a. CSRF. The ls_save_screen_options function does not validate the request with a nonce.

    function ls_save_screen_options() {
        $_POST['options'] = !empty($_POST['options']) ? $_POST['options'] : array();
        update_option('ls-screen-options', $_POST['options']);
        die();
    }

This function is…