The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

About the Project

hacker

What Is It

A curated list of websites for cybersecurity. I'm a security enthusiast and love looking at websites/blogs about cybersecurity, especially offensive security. So I wanted to create something like a huge library.

Why Made It

Many people who visit this site probably think, "This is just a collection of links." That's right. The reason I made it is mainly for myself. There are so many sites out there that attract me, so it was unrealistic to list them all in my personal task management tool or add them all to my browser's bookmarks. In addition, I wanted to try something new tools/frameworks such as Astro.js.

Disclaimer

Security Links essentially lists sites without permission from the site owner. If your site is listed here and you want it to be excluded please contact me (see below). I'll exclude it immediately.

Contact Me

If you would like to issue or send a message, please email at hdks.bug[at]gmail.com