Posts Tagged ‘WordPress’

Cross-site scripting WordPress (March 7, 2013)

Posted: March 9, 2013 in Vulnerabilities
Tags: , , , ,
0

Wordpress VulnerabilityVulnerability: Cross-site scripting WordPress Count per Day

Danger level: Low
Patch: None
Number of vulnerabilities: 1

Operation vector: Remote
Impact: Cross Site Scripting

Affected products: WordPress Count per Day Plugin 3.x

Affected versions: WordPress Count per Day 3.2.5, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused due to insufficient input validation in the parameter “daytoshow” in script wp-content/wp-admin/index.php (when the parameter “page” is “cpd_metaboxes”). This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. (more…)

WordPress Audio Player – Cross-site scripting

Posted: February 11, 2013 in Vulnerabilities
Tags: , , ,
0
XSS in WordPress Audio Player

XSS in WordPress Audio Player

Vulnerability: Cross-site scripting in WordPress Audio Player

Danger level: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-1464
Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Audio Player Plugin 2.x

Affected versions: WordPress Audio Player 2.0.4.5, possibly earlier. (more…)

Security Bypass WordPress Portable phpMyAdmin

Posted: December 19, 2012 in Vulnerabilities
Tags: , ,
0

Wordpress VulnerabilityVulnerability: Security Bypass WordPress Portable phpMyAdmin

Danger: Average
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Bypass of Security

Affected products: WordPress Portable phpMyAdmin Plugin 1.x

Affected versions: WordPress Portable phpMyAdmin version to 1.3.1.

Description:

Which can be exploited by malicious people to bypass certain security restrictions. (more…)

CSRF attack in WordPress Knews Multilingual Newsletters

Posted: December 15, 2012 in Vulnerabilities
Tags: , , , ,
1
Wordpress Vulnerability

XSS in WordPress

Vulnerability: CSRF attack in WordPress Knews Multilingual Newsletters

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Knews Multilingual Newsletters Plugin 1.x

Affected versions: Knews WordPress Multilingual Newsletters 1.2.5, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused due to the lack of authentication of HTTP requests when you perform some action. A remote user can perform CSRF attack and change the e-mail address. (more…)

Growing number of attacks to the WordPress and Joomla platforms

Posted: December 11, 2012 in IT Security News
Tags: , ,
0

Joomla WordPressExperts warn web developers about growing number of attacks to the WordPress and Joomla platforms.

Researchers at the Sans Institute said they had received several reports of attempted attacks on the popular content management system (CMS), including WordPress and Joomla. Compromised web-sites have been infected with malicious code, redirect users to third-party portals.

Researcher John Bambenek, CEO Bambenek Consulting, a leading blog Sans Institute, said that the incident is of particular interest because of the attempts to attack intruders massively page by hacking servers.

“It is interesting to note that this does not seem to Exploit search produces a vulnerability. Apparently, hackers scanning servers for multiple breaches Joomla and WordPress”, – the expert added on his personal blog. (more…)

Cross-site scripting in WordPress Video Lead Form

Posted: December 4, 2012 in Vulnerabilities
Tags: , , ,
0
Wordpress Vulnerability

XSS in WordPress

Vulnerability: Cross-site scripting in WordPress Video Lead Form

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Video Lead Form Plugin 0.x

Affected versions: WordPress Video Lead Form 0.5, maybe earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

Security Bypass in WordPress vTiger CRM Lead Capture

Posted: November 19, 2012 in Vulnerabilities
Tags: , ,
0
Wordpress Vulnerability

Security Bypass in WordPress

Vulnerability: Security Bypass in WordPress vTiger CRM Lead Capture

Danger: Middle
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Security Bypass

Affected products: WordPress vTiger CRM Lead Capture Plugin 1.x

Affected versions: WordPress vTiger CRM Lead Capture 1.0, perhaps the only one.

Description:

Which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error. Details were not disclosed. (more…)

Cross-site scripting in WordPress 11152012

Posted: November 16, 2012 in Vulnerabilities
Tags: , , , ,
0
Wordpress Vulnerability

Cross-site scripting in WordPress

Vulnerability: Cross-site scripting WordPress NextGEN Gallery

Danger: Low
If the Patch: None
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress NextGEN Gallery Plugin 1.x

Affected versions: WordPress NextGEN Gallery 1.9.7, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused due to insufficient input validation in the parameter “movieName” in the script to swfupload.swf “ExternalInterface.call ()”. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. (more…)

Cross-site scripting in WordPress

Posted: November 14, 2012 in Vulnerabilities
Tags: , ,
0
Wordpress Vulnerability

Cross-site scripting in WordPress

1. Vulnerability: Cross-site scripting WordPress WP125

Danger: Low
Patch: Yes
Number of vulnerabilities: 2

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress WP125 Plugin 1.x

Affected versions: WordPress WP125 1.4.4, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

SQL-injection in WordPress All Video Gallery

Posted: November 9, 2012 in Vulnerabilities
Tags: , , ,
0
Wordpress Vulnerability

SQL-injection in All Video Gallery

Vulnerability: SQL-injection in WordPress All Video Gallery

Danger: High
Patch: Yes

Vector operation: Remote
Impact: Unauthorized change

Affected products: WordPress All Video Gallery Plugin 1.x

Affected versions: WordPress All Video Gallery 1.1 versions prior to 11.02.2012, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database. (more…)

Older Entries
Newer Entries