Resolve conflicts
This commit is contained in:
Christian Mehlmauer
@@ -21,26 +21,29 @@
|
||||
<type>LFI</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>UnGallery Arbitrary < 2.1.6 Command Execution</title>
|
||||
<title>UnGallery Arbitrary Command Execution</title>
|
||||
<reference>http://secunia.com/advisories/50875/</reference>
|
||||
<reference>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</reference>
|
||||
<type>RCE</type>
|
||||
<fixed_in>2.1.6</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="thanks-you-counter-button">
|
||||
<vulnerability>
|
||||
<title>Thank You Counter Button < 1.8.3 XSS</title>
|
||||
<title>Thank You Counter Button XSS</title>
|
||||
<reference>http://secunia.com/advisories/50977/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.8.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="bookings">
|
||||
<vulnerability>
|
||||
<title>Bookings < 1.8.3 XSS</title>
|
||||
<title>Bookings XSS</title>
|
||||
<reference>http://secunia.com/advisories/50975/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.8.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -55,17 +58,19 @@
|
||||
|
||||
<plugin name="fs-real-estate-plugin">
|
||||
<vulnerability>
|
||||
<title>WordPress FireStorm Professional Real Estate Plugin < 2.06.04 "id" SQL Injection Vulnerability</title>
|
||||
<title>WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/51107/</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>2.06.04</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>FireStorm Professional Real Estate Plugin < 2.06.03 Multiple SQL Injection</title>
|
||||
<title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
|
||||
<reference>http://secunia.com/advisories/50873/</reference>
|
||||
<reference>
|
||||
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
|
||||
</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>2.06.03</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -123,13 +128,14 @@
|
||||
|
||||
<plugin name="google-document-embedder">
|
||||
<vulnerability>
|
||||
<title>Google Document Embedder < 2.5.4 Arbitrary File Disclosure</title>
|
||||
<title>Google Document Embedder Arbitrary File Disclosure</title>
|
||||
<reference>http://www.exploit-db.com/exploits/23970/</reference>
|
||||
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
|
||||
</reference>
|
||||
<reference>http://secunia.com/advisories/50832/</reference>
|
||||
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>2.5.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -211,10 +217,11 @@
|
||||
|
||||
<plugin name="levelfourstorefront">
|
||||
<vulnerability>
|
||||
<title>Shopping Cart <, 8.1.15 Shell Upload / SQL Injection</title>
|
||||
<title>Shopping Cart Shell Upload / SQL Injection</title>
|
||||
<reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
|
||||
<reference>http://secunia.com/advisories/51690/</reference>
|
||||
<type>MULTI</type>
|
||||
<fixed_in>8.1.15</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -454,9 +461,10 @@
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress Carousel Slideshow Plugin < 3.10 Unspecified Vulnerabilities</title>
|
||||
<title>WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50377/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>3.10</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -517,9 +525,10 @@
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress Image News slider Plugin < 3.4 Unspecified Vulnerabilities</title>
|
||||
<title>WordPress Image News slider Plugin Unspecified Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50390/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>3.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -601,11 +610,12 @@
|
||||
|
||||
<plugin name="cardoza-ajax-search">
|
||||
<vulnerability>
|
||||
<title>Ajax Post Search < 1.3 Sql Injection</title>
|
||||
<title>Ajax Post Search Sql Injection</title>
|
||||
<reference>http://seclists.org/bugtraq/2012/Nov/33</reference>
|
||||
<reference>http://secunia.com/advisories/51205/</reference>
|
||||
<reference>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>1.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -769,10 +779,11 @@
|
||||
|
||||
<plugin name="backup">
|
||||
<vulnerability>
|
||||
<title>Backup Plugin < 2.1 Information Disclosure</title>
|
||||
<title>Backup Plugin Information Disclosure</title>
|
||||
<reference>http://www.exploit-db.com/exploits/19524/</reference>
|
||||
<reference>http://secunia.com/advisories/50038/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>2.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -980,9 +991,10 @@
|
||||
<type>AUTHBYPASS</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress Mac Photo Gallery Plugin < 3.0 Multiple Script Insertion Vulnerabilities</title>
|
||||
<title>WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/49836/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>3.0</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
|
||||
@@ -1139,9 +1151,10 @@
|
||||
<type>MULTI</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>store-locator-le < 3.8.7 SQL Injection</title>
|
||||
<title>store-locator-le SQL Injection</title>
|
||||
<reference>http://secunia.com/advisories/51757/</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>3.8.7</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -1433,9 +1446,10 @@
|
||||
|
||||
<plugin name="login-with-ajax">
|
||||
<vulnerability>
|
||||
<title>Login With Ajax plugin < 3.0.4.1 Cross Site Scripting</title>
|
||||
<title>Login With Ajax plugin Cross Site Scripting</title>
|
||||
<reference>http://secunia.com/advisories/49013/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>3.0.4.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -1462,9 +1476,10 @@
|
||||
|
||||
<plugin name="zingiri-web-shop">
|
||||
<vulnerability>
|
||||
<title>WordPress Zingiri Web Shop Plugin < 2.4.8 Cookie SQL Injection Vulnerability</title>
|
||||
<title>WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/49398/</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>2.4.8</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities</title>
|
||||
@@ -1711,9 +1726,10 @@
|
||||
|
||||
<plugin name="clickdesk-live-support-chat">
|
||||
<vulnerability>
|
||||
<title>Click Desk Live Support Chat < 2.0 Cross Site Scripting Vulnerability</title>
|
||||
<title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
|
||||
<reference>http://seclists.org/bugtraq/2011/Nov/148</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.0</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -2142,9 +2158,10 @@
|
||||
<type>MULTI</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WP-Cumulus < 1.23 Cross Site Scripting Vulnerabily</title>
|
||||
<title>WP-Cumulus Cross Site Scripting Vulnerabily</title>
|
||||
<reference>http://seclists.org/fulldisclosure/2011/Nov/340</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.23</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -2573,9 +2590,10 @@
|
||||
|
||||
<plugin name="yolink-search">
|
||||
<vulnerability>
|
||||
<title>WordPress yolink Search Plugin < 2.6 "s" Cross-Site Scripting Vulnerability</title>
|
||||
<title>WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/52030/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.6</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>yolink Search plugin <= 1.1.4 SQL Injection Vulnerability</title>
|
||||
@@ -2753,9 +2771,10 @@
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress WP-Filebase Plugin < 0.2.9.25 Unspecified Vulnerabilities</title>
|
||||
<title>WordPress WP-Filebase Plugin Unspecified Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/51269/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>0.2.9.25</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -2840,9 +2859,10 @@
|
||||
<type>RFI</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Mailing List < 1.4.1 Arbitrary file download</title>
|
||||
<title>Mailing List Arbitrary file download</title>
|
||||
<reference>http://www.exploit-db.com/exploits/18276/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>1.4.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3047,9 +3067,10 @@
|
||||
|
||||
<plugin name="gd-star-rating">
|
||||
<vulnerability>
|
||||
<title>WordPress GD Star Rating Plugin < 1.9.19 Export Security Bypass Security Issue</title>
|
||||
<title>WordPress GD Star Rating Plugin Export Security Bypass Security Issue</title>
|
||||
<reference>http://secunia.com/advisories/49850/</reference>
|
||||
<type>AUTHBYPASS</type>
|
||||
<fixed_in>1.9.19</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>GD Star Rating plugin <= 1.9.16 Cross Site Scripting</title>
|
||||
@@ -3083,19 +3104,22 @@
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WP Photo Album Plus < 4.9.1 Full Path Disclosure</title>
|
||||
<title>WP Photo Album Plus Full Path Disclosure</title>
|
||||
<reference>http://1337day.com/exploit/20125</reference>
|
||||
<type>FPD</type>
|
||||
<fixed_in>4.9.1</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WP Photo Album Plus < 4.9.3 XSS</title>
|
||||
<title>WP Photo Album Plus XSS</title>
|
||||
<reference>http://secunia.com/advisories/51829/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>4.9.3</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WP Photo Album Plus < 4.9.3 XSS</title>
|
||||
<title>WP Photo Album Plus XSS</title>
|
||||
<reference>http://secunia.com/advisories/51669/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>4.9.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3114,46 +3138,51 @@
|
||||
|
||||
<plugin name="portable-phpmyadmin">
|
||||
<vulnerability>
|
||||
<title>portable-phpMyAdmin < 1.3.1 Authentication Bypass</title>
|
||||
<title>portable-phpMyAdmin Authentication Bypass</title>
|
||||
<reference>http://www.exploit-db.com/exploits/23356</reference>
|
||||
<reference>http://secunia.com/advisories/51520/</reference>
|
||||
<type>AUTHBYPASS</type>
|
||||
<fixed_in>1.3.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="super-refer-a-friend">
|
||||
<vulnerability>
|
||||
<title>super-refer-a-friend < 1.0 Full Path Disclosure</title>
|
||||
<title>super-refer-a-friend Full Path Disclosure</title>
|
||||
<reference>http://1337day.com/exploit/20126</reference>
|
||||
<type>FPD</type>
|
||||
<fixed_in>1.0</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="w3-total-cache">
|
||||
<vulnerability>
|
||||
<title>W3-Total-Cache 0.9.2.4 (or before) Username and Hash Extract</title>
|
||||
<title>W3-Total-Cache Username and Hash Extract</title>
|
||||
<reference>http://seclists.org/fulldisclosure/2012/Dec/242</reference>
|
||||
<reference>https://github.com/FireFart/W3TotalCacheExploit</reference>
|
||||
<metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>0.9.2.5</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>W3-Total-Cache < 0.9.2.9 Remote Code Execution</title>
|
||||
<title>W3-Total-Cache Remote Code Execution</title>
|
||||
<reference>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</reference>
|
||||
<reference>http://wordpress.org/support/topic/pwn3d</reference>
|
||||
<reference>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</reference>
|
||||
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
|
||||
<type>RCE</type>
|
||||
<fixed_in>0.9.2.9</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="wp-super-cache">
|
||||
<vulnerability>
|
||||
<title>WP-Super-Cache < 1.3.1 Remote Code Execution</title>
|
||||
<title>WP-Super-Cache Remote Code Execution</title>
|
||||
<reference>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</reference>
|
||||
<reference>http://wordpress.org/support/topic/pwn3d</reference>
|
||||
<reference>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</reference>
|
||||
<type>RCE</type>
|
||||
<fixed_in>1.3.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3196,30 +3225,34 @@
|
||||
|
||||
<plugin name="simple-login-log">
|
||||
<vulnerability>
|
||||
<title>Simple Login Log Plugin < 0.9.4 XSS</title>
|
||||
<title>Simple Login Log Plugin XSS</title>
|
||||
<reference>http://secunia.com/advisories/51780/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>0.9.4</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Simple Login Log Plugin < 0.9.4 SQL Injection</title>
|
||||
<title>Simple Login Log Plugin SQL Injection</title>
|
||||
<reference>http://secunia.com/advisories/51780/</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>0.9.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="wp-slimstat">
|
||||
<vulnerability>
|
||||
<title>wp-slimstat < 2.8.5 XSS</title>
|
||||
<title>wp-slimstat XSS</title>
|
||||
<reference>http://secunia.com/advisories/51721/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.8.5</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="browser-rejector">
|
||||
<vulnerability>
|
||||
<title>browser-rejector < 2.11 Remote and Local File Inclusion</title>
|
||||
<title>browser-rejector Remote and Local File Inclusion</title>
|
||||
<reference>http://secunia.com/advisories/51739/</reference>
|
||||
<type>LFI</type>
|
||||
<fixed_in>2.11</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3233,9 +3266,10 @@
|
||||
|
||||
<plugin name="cardoza-wordpress-poll">
|
||||
<vulnerability>
|
||||
<title>WordPress Poll Plugin < 34.06 Cross-Site Request Forgery Vulnerability</title>
|
||||
<title>WordPress Poll Plugin Cross-Site Request Forgery Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/51925/</reference>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>34.06</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin</title>
|
||||
@@ -3245,9 +3279,10 @@
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress Poll Plugin < 33.6 Multiple SQL Injection Vulnerabilities</title>
|
||||
<title>WordPress Poll Plugin Multiple SQL Injection Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50910/</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>33.6</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3263,26 +3298,29 @@
|
||||
|
||||
<plugin name="dvs-custom-notification">
|
||||
<vulnerability>
|
||||
<title>WordPress DVS Custom Notification Plugin < 1.0.1 Cross-Site Request Forgery Vulnerability</title>
|
||||
<title>WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/51531/</reference>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>1.0.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="events-manager">
|
||||
<vulnerability>
|
||||
<title>WordPress Events Manager Plugin < 5.3.4 Multiple Cross-Site Scripting Vulnerabilities</title>
|
||||
<title>WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/51869/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>5.3.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="solvemedia">
|
||||
<vulnerability>
|
||||
<title>WordPress SolveMedia < 1.1.1 CSRF Vulnerability</title>
|
||||
<title>WordPress SolveMedia CSRF Vulnerability</title>
|
||||
<reference>http://1337day.com/exploit/20222</reference>
|
||||
<reference>http://secunia.com/advisories/51927/</reference>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>1.1.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3328,9 +3366,10 @@
|
||||
|
||||
<plugin name="wp-tiger">
|
||||
<vulnerability>
|
||||
<title>WordPress vTiger CRM Lead Capture Plugin < 1.1.0 Unspecified Vulnerability</title>
|
||||
<title>WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/51305/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>1.1.0</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3352,18 +3391,20 @@
|
||||
|
||||
<plugin name="wysija-newsletters">
|
||||
<vulnerability>
|
||||
<title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin < 2.2.1</title>
|
||||
<title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin</title>
|
||||
<reference>https://www.htbridge.com/advisory/HTB23140</reference>
|
||||
<reference>http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt</reference>
|
||||
<reference>http://seclists.org/bugtraq/2013/Feb/29</reference>
|
||||
<reference>http://cxsecurity.com/issue/WLB-2013020039</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>2.2.1</fixed_in>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress Wysija Newsletters Plugin < 2.1.7 swfupload Cross-Site Scripting Vulnerability</title>
|
||||
<title>WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/51249/</reference>
|
||||
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.1.7</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3393,65 +3434,73 @@
|
||||
|
||||
<plugin name="form">
|
||||
<vulnerability>
|
||||
<title>WordPress Zingiri Form Builder Plugin < 1.2.1 "error" Cross-Site Scripting Vulnerability</title>
|
||||
<title>WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50983/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.2.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="white-label-cms">
|
||||
<vulnerability>
|
||||
<title>WordPress White Label CMS Plugin < 1.5.1 Cross-Site Request Forgery Vulnerability</title>
|
||||
<title>WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50487/</reference>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>1.5.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="download-shortcode">
|
||||
<vulnerability>
|
||||
<title>Wordpress Download Shortcode Plugin < 0.2.1 "file" Arbitrary File Disclosure Vulnerability</title>
|
||||
<title>Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50924/</reference>
|
||||
<type>LFI</type>
|
||||
<fixed_in>0.2.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="crayon-syntax-hightlighter">
|
||||
<vulnerability>
|
||||
<title>WordPress Crayon Syntax Highlighter Plugin < 1.13"wp_load" Remote File Inclusion Vulnerability</title>
|
||||
<title>WordPress Crayon Syntax Highlighter Plugin "wp_load" Remote File Inclusion Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50804/</reference>
|
||||
<type>RFI</type>
|
||||
<fixed_in>1.13</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="eshop-magic">
|
||||
<vulnerability>
|
||||
<title>WordPress eShop Magic Plugin < 0.2 "file" Arbitrary File Disclosure Vulnerability</title>
|
||||
<title>WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50933/</reference>
|
||||
<type>LFI</type>
|
||||
<fixed_in>0.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="pinterest-pin-it-button">
|
||||
<vulnerability>
|
||||
<title>WordPress Pinterest "Pin It" Button Lite Plugin < 1.4.0 Multiple Unspecified Vulnerabilities</title>
|
||||
<title>WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50868/</reference>
|
||||
<type>MULTI</type>
|
||||
<fixed_in>1.4.0</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="css-plus">
|
||||
<vulnerability>
|
||||
<title>WordPress CSS Plus Plugin < 1.3.2 Unspecified Vulnerabilities</title>
|
||||
<title>WordPress CSS Plus Plugin Unspecified Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50793/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>1.3.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="multisite-plugin-manager">
|
||||
<vulnerability>
|
||||
<title>WordPress Multisite Plugin Manager Plugin < 3.1.2 Two Cross-Site Scripting Vulnerabilities</title>
|
||||
<title>WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50762/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>3.1.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3502,9 +3551,10 @@
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>WordPress WP-TopBar Plugin < 4.0.3 Cross-Site Request Forgery Vulnerability</title>
|
||||
<title>WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50693/</reference>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>4.0.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3518,25 +3568,28 @@
|
||||
|
||||
<plugin name="cloudsafe365-for-wp">
|
||||
<vulnerability>
|
||||
<title>WordPress Cloudsafe365 Plugin < 1.47 Multiple Vulnerabilities</title>
|
||||
<title>WordPress Cloudsafe365 Plugin Multiple Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50392/</reference>
|
||||
<type>MULTI</type>
|
||||
<fixed_in>1.47</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="vitamin">
|
||||
<vulnerability>
|
||||
<title>WordPress Vitamin Plugin < 1.1 Two Arbitrary File Disclosure Vulnerabilities</title>
|
||||
<title>WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50176/</reference>
|
||||
<type>LFI</type>
|
||||
<fixed_in>1.1</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="featured-post-with-thumbnail">
|
||||
<vulnerability>
|
||||
<title>WordPress Featured Post with thumbnail Plugin < 1.5 Unspecified timthumb Vulnerability</title>
|
||||
<title>WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50161/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>1.5</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3550,10 +3603,11 @@
|
||||
|
||||
<plugin name="xve-various-embed">
|
||||
<vulnerability>
|
||||
<title>WordPress XVE Various Embed Plugin JW Player < 1.0.4 Multiple Cross-Site Scripting Vulnerabilities
|
||||
<title>WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
|
||||
</title>
|
||||
<reference>http://secunia.com/advisories/50173/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.0.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3567,41 +3621,46 @@
|
||||
|
||||
<plugin name="kau-boys-backend-localization">
|
||||
<vulnerability>
|
||||
<title>WordPress Backend Localization Plugin < 2.0 Cross-Site Scripting Vulnerabilities</title>
|
||||
<title>WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/50099/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.0</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="flexi-quote-rotator">
|
||||
<vulnerability>
|
||||
<title>WordPress Flexi Quote Rotator Plugin < 0.9.2 Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
|
||||
<title>WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
|
||||
<reference>http://secunia.com/advisories/49910/</reference>
|
||||
<type>MULTI</type>
|
||||
<fixed_in>0.9.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="gotmls">
|
||||
<vulnerability>
|
||||
<title>WordPress Get Off Malicious Scripts < 1.2.07.20 Cross-Site Scripting Vulnerability</title>
|
||||
<title>WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/50030/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.2.07.20</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="cimy-user-extra-fields">
|
||||
<vulnerability>
|
||||
<title>WordPress Cimy User Extra Fields Plugin < 2.3.9 Arbitrary File Upload Vulnerability</title>
|
||||
<title>WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/49975/</reference>
|
||||
<type>UPLOAD</type>
|
||||
<fixed_in>2.3.9</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="nmedia-user-file-uploader">
|
||||
<vulnerability>
|
||||
<title>WordPress Nmedia Users File Uploader Plugin < 2.0 Arbitrary File Upload Vulnerability</title>
|
||||
<title>WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/49996/</reference>
|
||||
<type>UPLOAD</type>
|
||||
<fixed_in>2.0</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3655,9 +3714,10 @@
|
||||
|
||||
<plugin name="simple-history">
|
||||
<vulnerability>
|
||||
<title>WordPress Simple History Plugin < 1.0.8 RSS Feed "rss_secret" Disclosure Weakness</title>
|
||||
<title>WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness</title>
|
||||
<reference>http://secunia.com/advisories/51998/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>1.0.8</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3676,11 +3736,12 @@
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Wordpress wp-table-reloaded plugin < 1.9.4 cross-site scripting in SWF</title>
|
||||
<title>Wordpress wp-table-reloaded plugin cross-site scripting in SWF</title>
|
||||
<reference>http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt</reference>
|
||||
<reference>http://secunia.com/advisories/52027/</reference>
|
||||
<reference>http://seclists.org/bugtraq/2013/Feb/28</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.9.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3710,13 +3771,14 @@
|
||||
|
||||
<plugin name="commentluv">
|
||||
<vulnerability>
|
||||
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin < 2.92.4</title>
|
||||
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
|
||||
<reference>https://www.htbridge.com/advisory/HTB23138</reference>
|
||||
<reference>http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt</reference>
|
||||
<reference>http://seclists.org/bugtraq/2013/Feb/30</reference>
|
||||
<reference>http://cxsecurity.com/issue/WLB-2013020040</reference>
|
||||
<reference>http://secunia.com/advisories/52092/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.92.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -3730,18 +3792,20 @@
|
||||
|
||||
<plugin name="wp-ecommerce-shop-styling">
|
||||
<vulnerability>
|
||||
<title>WordPress WP ecommerce Shop Styling Plugin < 1.8 "dompdf" Remote File Inclusion Vulnerability</title>
|
||||
<title>WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability</title>
|
||||
<reference>http://secunia.com/advisories/51707/</reference>
|
||||
<type>RFI</type>
|
||||
<fixed_in>1.8</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="audio-player">
|
||||
<vulnerability>
|
||||
<title>Wordpress Audio Player Plugin < 2.0.4.6 XSS in SWF</title>
|
||||
<title>Wordpress Audio Player Plugin XSS in SWF</title>
|
||||
<reference>http://seclists.org/bugtraq/2013/Feb/35</reference>
|
||||
<reference>http://secunia.com/advisories/52083/</reference>
|
||||
<type>XSS</type>
|
||||
<fixed_in>2.0.4.6</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -4137,12 +4201,12 @@
|
||||
|
||||
<plugin name="open-flash-chart-core-wordpress-plugin">
|
||||
<vulnerability>
|
||||
<title>ofc_upload_image.php < 0.5 Arbitrary File Upload Vulnerability</title>
|
||||
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
|
||||
<reference>http://www.exploit-db.com/exploits/24492/</reference>
|
||||
<reference>http://secunia.com/advisories/37903</reference>
|
||||
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
|
||||
<type>UPLOAD</type>
|
||||
<!--<fixed_in>0.5</fixed_in>-->
|
||||
<fixed_in>0.5</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -4212,65 +4276,68 @@
|
||||
|
||||
<plugin name="bigcontact">
|
||||
<vulnerability>
|
||||
<title>bigcontact < 1.4.7 SQLI</title>
|
||||
<title>bigcontact SQLI</title>
|
||||
<reference>http://plugins.trac.wordpress.org/changeset/689798</reference>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>1.4.7</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="drawblog">
|
||||
<vulnerability>
|
||||
<title>drawblog < 0.81 CSRF</title>
|
||||
<title>drawblog CSRF</title>
|
||||
<reference>http://plugins.trac.wordpress.org/changeset/691178</reference>
|
||||
<type>CSRF</type>
|
||||
<fixed_in>0.81</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="social-media-widget">
|
||||
<vulnerability>
|
||||
<title>social-media-widget < 4.0.2 malicious code</title>
|
||||
<title>social-media-widget malicious code</title>
|
||||
<reference>http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk</reference>
|
||||
<reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<fixed_in>4.0.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="facebook-members">
|
||||
<vulnerability>
|
||||
<title>facebook-members < 5.0.5 CSRF</title>
|
||||
<title>facebook-members CSRF</title>
|
||||
<reference>https://secunia.com/advisories/52962/</reference>
|
||||
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
|
||||
<type>CSRF</type>
|
||||
<!--<fixed_in>5.0.5</fixed_in>-->
|
||||
<fixed_in>5.0.5</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="foursquare-checkins">
|
||||
<vulnerability>
|
||||
<title>foursquare-checkins < 1.3 CSRF</title>
|
||||
<title>foursquare-checkins CSRF</title>
|
||||
<reference>https://secunia.com/advisories/53151/</reference>
|
||||
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
|
||||
<type>CSRF</type>
|
||||
<!--<fixed_in>1.3</fixed_in>-->
|
||||
<fixed_in>1.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="formidable">
|
||||
<vulnerability>
|
||||
<title>formidable Pro < 1.06.09 Unspecified Vulnerabilities</title>
|
||||
<title>formidable Pro Unspecified Vulnerabilities</title>
|
||||
<reference>https://secunia.com/advisories/53121/</reference>
|
||||
<type>UNKNOWN</type>
|
||||
<!--<fixed_in>1.06.09</fixed_in>-->
|
||||
<fixed_in>1.06.09</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="all-in-one-webmaster">
|
||||
<vulnerability>
|
||||
<title>all-in-one-webmaster < 8.2.4 CSRF</title>
|
||||
<title>all-in-one-webmaster CSRF</title>
|
||||
<reference>https://secunia.com/advisories/52877/</reference>
|
||||
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
|
||||
<type>CSRF</type>
|
||||
<!--<fixed_in>8.2.4</fixed_in>-->
|
||||
<fixed_in>8.2.4</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -4300,29 +4367,29 @@
|
||||
|
||||
<plugin name="syntaxhighlighter">
|
||||
<vulnerability>
|
||||
<title>syntaxhighlighter < 3.1.6 clipboard.swf XSS</title>
|
||||
<title>syntaxhighlighter clipboard.swf XSS</title>
|
||||
<reference>https://secunia.com/advisories/53235/</reference>
|
||||
<type>XSS</type>
|
||||
<!--<fixed_in>3.1.6</fixed_in>-->
|
||||
<fixed_in>3.1.6</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="top-10">
|
||||
<vulnerability>
|
||||
<title>top-10 < 1.9.3 CSRF</title>
|
||||
<title>top-10 CSRF</title>
|
||||
<reference>https://secunia.com/advisories/53205/</reference>
|
||||
<type>CSRF</type>
|
||||
<!--<fixed_in>1.9.3</fixed_in>-->
|
||||
<fixed_in>1.9.3</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
<plugin name="easy-adsense-lite">
|
||||
<vulnerability>
|
||||
<title>easy-adsense-lite < 6.20 CSRF</title>
|
||||
<title>easy-adsense-lite CSRF</title>
|
||||
<reference>https://secunia.com/advisories/52953/</reference>
|
||||
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
|
||||
<type>CSRF</type>
|
||||
<!--<fixed_in>6.20</fixed_in>-->
|
||||
<fixed_in>6.20</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user