Tags archives: unix

WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection

# Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6
# Submitter: Nitin Venkatesh
# Product: Unite Gallery Lite Wordpress Plugin
# Product URL: https://wordpress.org/plugins/unite-gallery-lite/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
# Affected Versions: v1.4.6 and […]

WordPress Music Store 1.0.14 Open Redirect

# Title: Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14
# Submitter: Nitin Venkatesh
# Product: Music Store Wordpress Plugin
# Product URL: https://wordpress.org/plugins/music-store/
# Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601]
# Affected Versions: v1.0.14 and possibly below.
# Tested versions: v1.0.14
# Fixed Version: v1.0.15
# Link to code […]

WordPress Paid Memberships Pro 1.8.4.2 Cross Site Scripting

Advisory ID: HTB23264
Product: Paid Memberships Pro WordPress plugin
Vendor: Stranger Studios
Vulnerable Version(s): 1.8.4.2 and probably prior
Tested Version: 1.8.4.2
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 8, 2015
Public Disclosure: July 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-5532
Risk Level: Medium […]

WordPress Count Per Day 3.4 SQL Injection

Advisory ID: HTB23267
Product: Count Per Day WordPress plugin
Vendor: Tom Braider
Vulnerable Version(s): 3.4 and probably prior
Tested Version: 3.4
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 1, 2015
Public Disclosure: July 22, 2015
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-5533
Risk Level: Medium […]

WordPress Portfolio 1.0 Cross Site Request Forgery

# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0
# Submitter: Nitin Venkatesh
# Product: Portfolio Plugin Wordpress Plugin
# Product URL: https://wordpress.org/plugins/portfolio-by-lisa-westlund/
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.0
# Tested versions: v1.0
# Fixed Version: v1.05
# Link to code diff: https://plugins.trac.wordpress.org/changeset/1175403/portfolio-by-lisa-westlund
# Changelog: https://plugins.trac.wordpress.org/log/portfolio-by-lisa-westlund
# […]

WordPress Mobile Pack 2.1.2 Information Disclosure

# Title: Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below
# Submitter: Nitin Venkatesh
# Product: WordPress Mobile Pack Wordpress Plugin
# Product URL: https://wordpress.org/plugins/wordpress-mobile-pack/
# Vulnerability Type: Information Exposure [CWE-200]
# Affected Versions: v2.1.2 and below. Installed v2.1.3 before June 3, 2015 also affected.
# Tested versions: v2.1.2, v2.1.3 (prior to […]

WordPress Mailcwp 1.99 Shell Upload

Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-09
Download Site: https://wordpress.org/plugins/mailcwp/
Vendor: CadreWorks Pty Ltd
Vendor Notified: 2015-07-09 fixed in v1.110
Vendor Contact: Contact Page via WP site
Description: MailCWP, Mail Client for WordPress. A full-featured mail client plugin providing webmail access through your WordPress blog […]

WordPress Download Manager Free 2.7.94 / Pro 4 XSS

# WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

# Vendor Homepage: http://www.wpdownloadmanager.com
# Software Link: https://wordpress.org/plugins/download-manager
# Affected Versions: Free 2.7.94 & Pro 4
# Tested on: WordPress 4.2.2

# Discovered by Filippos Mastrogiannis
# Twitter: @filipposmastro
# LinkedIn: https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177

— Description —

This stored XSS vulnerability […]

WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion

Details
================
Software: BuddyPress Activity Plus
Version: 1.5
Homepage: http://wordpress.org/plugins/buddypress-activity-plus/
Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/
CVE: Awaiting assignment
CVSS: 8.5 (High; AV:N/AC:L/Au:N/C:N/I:P/A:C)

Description
================
CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5

Vulnerability
================
An attacker can delete any file the PHP process can delete. For this to happen, a logged-in user would […]

WordPress Subscribe To Comments 2.1.2 LFI / Code Execution

Details
================
Software: Subscribe to Comments
Version: 2.1.2
Homepage: http://wordpress.org/plugins/subscribe-to-comments/
Advisory report: https://security.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/
CVE: Awaiting assignment
CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P)

Description
================
Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2

Vulnerability
================
Administrators can perform Local File Include attacks, which is a privilege escalation on systems where the […]