New security tests, November 15, 2017: Image Resizer Exposure in .NET

DetectifyNov 16, 2017

Another update, another batch of vulnerabilities. We have an interesting mix of new security test this week, including Sitecore, HashiCorp Consul and WordPress vulnerabilities. As always, don’t forget to run a scan to check if you’re vulnerable.

Image Resizer Exposure in .NET (information finding that affects Sitecore and Episerver, among others)
Exposure of /.mysql_history
Exposure of /.pgsql_history
CVE-2017-14619: phpMyFAQ XSS
WordPress simple-login-log SQL Injection
WordPress invite-anyone Object Injection
WordPress hrm Authenticated SQL Injection
WordPress userpro Authentication Bypass
WordPress wp-support-plus-responsive-ticket-system CSRF/RCE
WordPress qards SSRF
WordPress wp-all-import XSS
WordPress buddypress Authenticated Open Redirect
WordPress caldera-forms Authenticated XSS
WordPress wp-custom-fields-search XSS
HasiCorp Consul Exposure

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Product Updates

Detectify AI-Researcher Alfred gets smarter with threat actor intelligence

Six months after launch, Alfred, the AI Agent that autonomously builds security tests, has revolutionized our workflow. Alfred has delivered over 450 validated tests against …

November 10, 2025

Product Updates

New API testing category now available

Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests …

October 23, 2025

Product Updates

Product update: Dynamic API Scanning, Recommendations & Classifications, and more

We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …

September 26, 2025

Product Updates

Infinite payloads? The future of API Testing with dynamic fuzzing

What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …

September 18, 2025