Vulnerability Details Product: Everest Backup plugin for WordPressAffected: v2.3.5 and olderPatched: v2.3.6Vendor: Everest ThemesCVE: CVE-2025-11380 Introduction Recently I started learning more about auditing WordPress plugins for security vulnerabilities. WordPress plugins are a specific, niche area of security research but WordPress’ Read more
Vendor: CanonicalProduct: cloud-initCategory: CWE-200 Information ExposureVersion: v21.1 and belowFixed: v21.1.19CVE: CVE-2021-3429 Summary Cloud-init enables engineers to automate operating system configuration, primarily within different cloud environments. Cloud-init can also function as a standalone configuration tool independent of any cloud provider. Cloud-init Read more
Vendor: GoogleProduct: Docs Android appVersion: 1.20.302.01.40Platform: AndroidReported: 7/11/2020Fixed: 8/26/2020CVE: N/A This write-up covers a low-severity vulnerability found in Google Docs Android app. Hope it is of interest! Quick primer on Android app security. An Android app can use a framework, Read more
Most of the vulnerabilities I uncover fit neatly into a particular category like XSS, SQLi, or buffer overflow. Sometimes, though, looking outside the box can yield interesting finds. In this post I’ll discuss one such vulnerability I discovered in the Read more
Product: EspoCRM Vendor: Letrium LTD/Open source software Version: 4.5.0, possibly earlier Category: Cross Site Scripting Vendor notified: 2017-03-24 Patched: 2017-04-03 Disclosed: 2017-04-22 Researcher: Carl Pearson Summary Multiple persistent cross site scripting (XSS) vulnerabilities exist in EspoCRM v4.5.0, in the Knowledge Read more
Product: Chyrp Lite Vendor: Open source community Version: 2016.04 “Lago” and earlier Category: Cross site request forgery (CSRF) Vendor Notified: 2017-01-05 Patched: 2017-01-06 Disclosed: 2017-03-06 Researcher(s): Carl Pearson CVE: CVE-2017-1000008 Summary A cross-site request forgery (CSRF) vulnerability exists in the Read more
Product: Koozali SME Server Vendor: Koozali Foundation/Open Source Software Version: 8.x, 9.x, 10.x Category: Open URL Redirect Vendor Notified: 2017-01-11 Patched: 2017-01-23 Disclosed: 2017-02-02 Researcher(s): Carl Pearson CVE: CVE-2017-1000027 Summary An open URL redirect vulnerability exists in the user login Read more