Posts Tagged ‘WordPress plugins’


Wordpress VulnerabilitiesThe latest Cross-site scripting vulnerabilities in WordPress plugins

Three new Cross-site scripting vulnerabilities in WordPress plugins: MaxButtons (vulnerability CVE-2014-7181), WP Google Maps(vulnerabiliy CVE-2014-7182), and WooCommerce(vulnerability CVE-2014-6313).

1. Cross-site scripting in WordPress MaxButtons

Danger of level: Low
Availability of corrections: Yes
Quantity of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-7181 (more…)

Wordpress VulnerabilitiesThe latest Cross-site scripting vulnerabilities in WordPress plugins

Five Cross-site scripting vulnerabilities in WordPress plugins: Profile Builder, Photo Gallery, EWWW Image Optimizer, Contact Form DB, and Google Calendar Events.

1. Cross-site scripting in WordPress Profile Builder Plugin

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Wordpress VulnerabilitiesThe latest vulnerabilities in WordPress plugins

Three Security Bypass vulnerabilities in WordPress plugins: Access Areas, Download Manager, and DukaPress.

1. Security Bypass in WordPress Access Areas Plugin

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: P / I: P / A: P / E: U / RL: O / RC: C) = Base: 7.5 / Temporal: 5.5 (more…)

Multiple Vulnerabilities in plugins

Multiple Vulnerabilities

Latest vulnerabilities in popular plugins for WordPress: Covert VideoPress, Digg Digg, Video Gallery and Related Posts.

  • Cross-site scripting WordPress Covert VideoPress

Danger level: Low
The presence of fixes: No
The number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Covert VideoPress Theme

Affected versions: WordPress Covert VideoPress (more…)