Posts Tagged ‘WordPress vulnerabilities’

Here are three vulnerabilities found in plugins for the WordPress content management system: disclosure of sensitive data in XCloner, SQL injection in the WP Symposium Plugin, and cross-site scripting (CSRF attack) in the W3 Total Cache Plugin.

1. Disclosure of sensitive data in WordPress XCloner

Danger level: Low
Availability of fixes: None
Number of vulnerabilities: 1
CVSSv2 rating: (AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: U / RC: C) = Base: 2.1 / Temporal: 1.8

Vector of operation: Local
Impact: Arbitrary command execution, Disclosure of sensitive data

The researchers emphasize that the vulnerabilities in the free application put at risk the safety of hundreds of thousands of web resources.

According to a notification from Walter Hop, a security researcher and founder of the Netherlands-based web development company Slik, he was able to find a number of vulnerabilities in the popular free application InfiniteWP Admin Panel, which is used by administrators of the WordPress content management system.

According to the developers of the affected product, it has been downloaded at least 875,000 times over the history of the project and is used by over 318,000 web sites. With it, administrators can work with multiple installations through one control panel.

A dangerous vulnerability has been found in the popular (around 850,000 downloads) WordPress Download Manager plugin. The vulnerability was discovered and disclosed last week. Exploitation of this vulnerability allows an attacker to remotely take control of the target web site by introducing backdoors and modifying user passwords.

Specialists at Sucuri found a dangerous vulnerability in the WordPress Download Manager plugin. Exploitation of this flaw allows a remote attacker to gain control of the target web site by introducing backdoors and modifying user passwords.

Privilege escalation and potential Object Injection vulnerability. The vulnerability allows a remote user to cause a denial of service and to manipulate data.

Danger level: Average
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 rating: (AV: N / AC: L / Au: N / C: N / I: P / A: P / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7

Vector of operation: Remote
Impact: Denial of service, Unauthorized modification of data

Multiple new vulnerabilities have been discovered in the WordPress content management system that allow a remote user to take control of the affected system.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVE ID: No Information

Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass

Information leak and access control bypass in WordPress WP eCommerce Plugin

Exploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.

Experts at Sucuri found a dangerous vulnerability in the “WP eCommerce” plugin, which allows attackers to easily access and edit personal information of users.

Exploitation of the vulnerability allows criminals to export all the user names, addresses and other confidential information of clients who have ever made a purchase through the plugin. Attackers can also change the status of an order (from non-paid to paid and vice versa). At the moment, the plugin developer has released a patched version, WP eCommerce 3.8.14.4.

The latest vulnerabilities in WordPress plugins

Three Security Bypass vulnerabilities in WordPress plugins: Access Areas, Download Manager, and DukaPress.

1. Security Bypass in WordPress Access Areas Plugin

Danger level: Low
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 rating: (AV: N / AC: L / Au: N / C: P / I: P / A: P / E: U / RL: O / RC: C) = Base: 7.5 / Temporal: 5.5

Vulnerability: Security Bypass WordPress MailUp

Danger level: Average
Patch: None
Number of vulnerabilities: 1

CVE ID: CVE-2013-0731
Vector of operation: Remote
Impact: Security Bypass

Affected products: WordPress MailUp Plugin 1.x

Affected versions: WordPress MailUp 1.3.2, perhaps the only one.

Vulnerability: Multiple vulnerabilities in WordPress

Danger level: Average
Patch: Yes
Number of vulnerabilities: 3

Vector of operation: Remote
Impact: Cross Site Scripting, Disclosure of sensitive data

Affected products: WordPress 3.x

Affected versions: WordPress versions up to 3.5.1.