Merge pull request #358 from pvdl/vulns
Update WordPress Vulnerabilities
@@ -1804,16 +1804,20 @@
|
||||
<vulnerability>
|
||||
<title>WP Easy Gallery <= 1.7 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49190</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112687/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.7.3</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WP Easy Gallery <= 2.7 - CSRF</title>
|
||||
<references>
|
||||
<secunia>49190</secunia>
|
||||
<url>http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery</url>
|
||||
</references>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>2.7.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -1821,9 +1825,11 @@
|
||||
<vulnerability>
|
||||
<title>Subscribe2 <= 8.0 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49189</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112688/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
<fixed_in>8.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -1831,6 +1837,7 @@
|
||||
<vulnerability>
|
||||
<title>Soundcloud Is Gold <= 2.1 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49188</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112689/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
@@ -1913,9 +1920,11 @@
|
||||
<vulnerability>
|
||||
<title>Newsletter Manager <= 1.0 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49183</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112694/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.0.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -2042,11 +2051,13 @@
|
||||
|
||||
<plugin name="codestyling-localization">
|
||||
<vulnerability>
|
||||
<title>Code Styling Localization <= 1.99.16 - Cross Site Scripting</title>
|
||||
<title>Code Styling Localization <= 1.99.17 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49037</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112709/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.99.20</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -2143,9 +2154,11 @@
|
||||
<vulnerability>
|
||||
<title>2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49181</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112711/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
<fixed_in>0.35</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3008,9 +3021,11 @@
|
||||
<vulnerability>
|
||||
<title>Mingle Forum <= 1.0.33 - Cross Site Scripting</title>
|
||||
<references>
|
||||
<secunia>49171</secunia>
|
||||
<url>http://packetstormsecurity.com/files/112696/</url>
|
||||
</references>
|
||||
<type>MULTI</type>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.0.33.2</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS</title>
|
||||
@@ -7114,6 +7129,7 @@
|
||||
<title>LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS</title>
|
||||
<references>
|
||||
<osvdb>99339</osvdb>
|
||||
<url>http://packetstormsecurity.com/files/123914/</url>
|
||||
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
@@ -7122,6 +7138,7 @@
|
||||
<title>LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS</title>
|
||||
<references>
|
||||
<osvdb>99340</osvdb>
|
||||
<url>http://packetstormsecurity.com/files/123914/</url>
|
||||
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
@@ -7818,10 +7835,11 @@
|
||||
|
||||
<plugin name="gallery-bank">
|
||||
<vulnerability>
|
||||
<title>Gallery Bank 2.0.19 - Multiple Unspecified XSS</title>
|
||||
<title>Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS</title>
|
||||
<references>
|
||||
<osvdb>99045</osvdb>
|
||||
<secunia>55443</secunia>
|
||||
<url>http://packetstormsecurity.com/files/123924/</url>
|
||||
<url>http://www.securityfocus.com/bid/63382</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
@@ -7908,4 +7926,15 @@
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="polldaddy">
|
||||
<vulnerability>
|
||||
<title>Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability</title>
|
||||
<references>
|
||||
<secunia>55464</secunia>
|
||||
</references>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>2.0.21</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
</vulnerabilities>
|
||||
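Review bot: The first WP Easy Gallery entry is titled `<= 1.7` but carries `<fixed_in>2.7.3</fixed_in>`, while the CSRF entry next to it, under the same Secunia id 49190, says `<= 2.7`. A scanner that matches on `fixed_in` will report versions 1.8 through 2.7.2 as affected by the XSS even though the title excludes them. If the advisory confirms the wider range, the title should read `WP Easy Gallery <= 2.7 - Cross Site Scripting`; otherwise the `fixed_in` value needs checking. Separately, the changeset URL in the CSRF entry contains `&old=` and `&new=`, which must be written `&amp;old=` and `&amp;new=` in the XML file or the database will fail to parse; this rendered view cannot confirm how the file has them.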
|
||||
@@ -1881,6 +1881,7 @@
|
||||
<title>Curvo - wp-content/themes/curvo/functions/upload-handler.php File Upload CSRF</title>
|
||||
<references>
|
||||
<osvdb>99043</osvdb>
|
||||
<exploitdb>29211</exploitdb>
|
||||
<url>http://packetstormsecurity.com/files/123799/</url>
|
||||
<url>http://packetstormsecurity.com/files/123820/</url>
|
||||
</references>
|
||||
@@ -1924,6 +1925,7 @@
|
||||
<vulnerability>
|
||||
<title>Think Responsive 1.0 - Arbitrary shell upload vulnerability</title>
|
||||
<references>
|
||||
<exploitdb>29332</exploitdb>
|
||||
<url>http://packetstormsecurity.com/files/123880/</url>
|
||||
</references>
|
||||
<type>RCE</type>
|
||||
@@ -1952,8 +1954,10 @@
|
||||
|
||||
<theme name="switchblade">
|
||||
<vulnerability>
|
||||
<title>Switchblade - Arbitrary File Upload Vulnerability</title>
|
||||
<title>Switchblade 1.3 - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<osvdb>88918</osvdb>
|
||||
<exploitdb>29330</exploitdb>
|
||||
<url>http://1337day.com/exploit/21457</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
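Review bot: The two upload entries touched in this file are classified differently: Think Responsive 1.0 "Arbitrary shell upload vulnerability" has `<type>RCE</type>`, while Switchblade 1.3 "Arbitrary File Upload Vulnerability" has `<type>UPLOAD</type>`. Both type lines look like unchanged context, so the mismatch probably predates this commit, but consumers that filter or count findings by type will treat the same class of bug inconsistently. Both entries gain an `<exploitdb>` reference here, so this is a good moment to settle on one value, for example `<type>UPLOAD</type>` for both. Both entries continue past the end of their hunks, so any `fixed_in` data is not visible here.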
|
||||