Posts Tagged ‘WordPress’

Vulnerability: Cross-site scripting in WordPress Count per Day

Danger level: Low
Patch: None
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Count per Day Plugin 3.x

Affected versions: WordPress Count per Day 3.2.5, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by insufficient validation of input passed via the “daytoshow” parameter to the script wp-content/wp-admin/index.php (when the “page” parameter is set to “cpd_metaboxes”). This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. (more…)

XSS in WordPress Audio Player

Vulnerability: Cross-site scripting in WordPress Audio Player

Danger level: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-1464
Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Audio Player Plugin 2.x

Affected versions: WordPress Audio Player 2.0.4.5, possibly earlier. (more…)

Vulnerability: Security Bypass in WordPress Portable phpMyAdmin

Danger: Average
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Bypass of Security

Affected products: WordPress Portable phpMyAdmin Plugin 1.x

Affected versions: WordPress Portable phpMyAdmin versions up to 1.3.1.

Description:

The vulnerability can be exploited by malicious people to bypass certain security restrictions. (more…)

XSS in WordPress

Vulnerability: CSRF attack in WordPress Knews Multilingual Newsletters

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Knews Multilingual Newsletters Plugin 1.x

Affected versions: Knews WordPress Multilingual Newsletters 1.2.5, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by missing verification of the authenticity of HTTP requests when certain actions are performed. A remote user can carry out a CSRF attack and change the e-mail address. (more…)

Experts warn web developers about a growing number of attacks on the WordPress and Joomla platforms.

Researchers at the SANS Institute said they had received several reports of attempted attacks on popular content management systems (CMS), including WordPress and Joomla. Compromised websites have been infected with malicious code that redirects users to third-party portals.

Researcher John Bambenek, CEO of Bambenek Consulting, who runs a blog at the SANS Institute, said that the incident is of particular interest because the attackers are attempting to compromise pages en masse by hacking servers.

“It is interesting to note that this does not seem to Exploit search produces a vulnerability. Apparently, hackers are scanning servers for multiple breaches in Joomla and WordPress,” the expert added on his personal blog. (more…)

XSS in WordPress

Vulnerability: Cross-site scripting in WordPress Video Lead Form

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Video Lead Form Plugin 0.x

Affected versions: WordPress Video Lead Form 0.5, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

Security Bypass in WordPress

Vulnerability: Security Bypass in WordPress vTiger CRM Lead Capture

Danger: Middle
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Security Bypass

Affected products: WordPress vTiger CRM Lead Capture Plugin 1.x

Affected versions: WordPress vTiger CRM Lead Capture 1.0, perhaps the only one.

Description:

The vulnerability can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by an unspecified error. Details were not disclosed. (more…)

Cross-site scripting in WordPress

Vulnerability: Cross-site scripting in WordPress NextGEN Gallery

Danger: Low
Patch: None
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress NextGEN Gallery Plugin 1.x

Affected versions: WordPress NextGEN Gallery 1.9.7, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by insufficient validation of input passed via the “movieName” parameter to “ExternalInterface.call()” in swfupload.swf. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. (more…)

Cross-site scripting in WordPress

1. Vulnerability: Cross-site scripting in WordPress WP125

Danger: Low
Patch: Yes
Number of vulnerabilities: 2

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress WP125 Plugin 1.x

Affected versions: WordPress WP125 1.4.4, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

SQL-injection in All Video Gallery

Vulnerability: SQL-injection in WordPress All Video Gallery

Danger: High
Patch: Yes

Vector of operation: Remote
Impact: Unauthorized change

Affected products: WordPress All Video Gallery Plugin 1.x

Affected versions: WordPress All Video Gallery 1.1 versions prior to 11.02.2012, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database. (more…)