>> ARCHIVE: 2020-11

WordPress Age Gate plugin versions 2.13.4 and below suffer fro an open redirection vulnerability.

WordPress Wibar theme version 1.1.8 suffers from a persistent cross site scripting vulnerability.

WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.

WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.

ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.

Best Support System version 3.0.4 suffers from a persistent cross site scripting vulnerability.

Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.

Heroic Knowledge Base plugin versions 3.0.1 and below suffer from persistent cross site scripting vulnerabilities.

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must…