New Cross-site scripting Vulnerabilities in WordPress Plugins – October 10, 2014

Posted: October 10, 2014 in Vulnerabilities
Tags: , ,

Wordpress VulnerabilitiesThe latest Cross-site scripting vulnerabilities in WordPress plugins

Five Cross-site scripting vulnerabilities in WordPress plugins: Profile Builder, Photo Gallery, EWWW Image Optimizer, Contact Form DB, and Google Calendar Events.

1. Cross-site scripting in WordPress Profile Builder Plugin

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7

Vector operation: Remote
Impact: Cross-site scripting (XSS attack)

Affected products: WordPress Profile Builder Plugin 1.x
Affected versions: WordPress Profile Builder version to 1.1.66

Description:

The vulnerability allows a remote user produce XSS attack.

The vulnerability is caused due to insufficient processing of the input data associated with forms. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Solution: Install the latest version 1.1.66 from the manufacturer.

Link: https://wordpress.org/plugins/profile-builder/changelog/

2. Cross-site scripting in WordPress Photo Gallery Plugin

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6315
Vector operation: Remote
Impact: Cross-site scripting (XSS attack)

Affected products: WordPress PICA Photo Gallery Plugin 1.x
Affected: WordPress Photo Gallery version to 1.1.31

Description:
The vulnerability make possible for the remote user to produce XSS attack.

The vulnerability is caused due to insufficient input data processing in the GET parameter “callback”, “dir” and “extensions” in the script wp-admin / admin-ajax.php. A remote user can with the help of a specially formed links to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Solution: Install the latest version 1.1.31 from the manufacturer.

Link: https://www.htbridge.com/advisory/HTB23232

3. Cross-site scripting in WordPress EWWW Image Optimizer

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6243
Vector operation: Remote
Impact: Cross-site scripting (XSS attack)

Affected products: WordPress EWWW Image Optimizer 2.x
Affected versions: WordPress EWWW Image Optimizer 2.0.1, possibly earlier versions

Description:
The vulnerability make possible for the remote user to produce XSS attack.
The vulnerability is caused due to insufficient processing of the input data in HTTP GET parameter “page” in the script /wp-admin/options-general.php. This can be exploited via a specially crafted link to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Note: Successful exploitation of this vulnerability requires that a function JavaScript “alert ()” displayed the manager’s cookies.

Solution: Install the latest version 2.0.2 from the manufacturer.

Links: https://www.htbridge.com/advisory/HTB23234

4. Cross-site scripting in WordPress Contact Form DB

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-7139
Vector operation: Remote
Impact: Cross-site scripting

Affected products: WordPress Contact Form DB 2.x
Affected versions: WordPress Contact Form DB 2.8.13, possibly earlier versions

Description:
The vulnerability allows a remote user produce XSS attack.

The vulnerability is caused due to insufficient processing of the input data in HTTP GET parameter “form” in the script /wp-admin/admin.php, as well as HTTP GET parameter “enc” in the script /wp-admin/admin.php. This can be exploited via a specially crafted link to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Solution: Install the latest version 2.8.16 from the manufacturer.

Link: https://www.htbridge.com/advisory/HTB23233

5. Cross-site scripting in WordPress Google Calendar Events

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-7138
Vector operation: Remote
Impact: Cross-site scripting

Affected products: WordPress Google Calendar Events 2.x
Affected versions: WordPress Google Calendar Events 2.0.1, possibly earlier versions

Description:
The vulnerability allows a remote user to XXS-attack.

The vulnerability is caused due to insufficient processing of the input data in HTTP GET parameter “gce_feed_ids” in the script /wp-admin/admin-ajax.php. This can be exploited via a specially crafted link to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Solution: Install the latest version 2.0.4 from the manufacturer.

Links: https://www.htbridge.com/advisory/HTB23235


Manufacturers URLs:

wordpress.orgWordPress Contact Form DB
WordPress Profile Builder
WordPress EWWW Image Optimizer
WordPress Google Calendar Events
 WordPress Photo Gallery

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s