Scroll Top

WP Security: 11 plugin vulnerabilities in April 2018

WP SECURITY: 11 PLUGIN VULNERABILITIES IN APRIL 2018

For your WP Security, be informed about the latest vulnerabilities in WordPress plugins:

  1. WP Security Audit Log Plugin
    • Sensitive Information Disclosure reported by Colette Chamberland (https://www.defiant.com; @cjchamberland). No protection on the wp-content/uploads/wp-security-audit-log/*; which is indexed by google and allows for attackers to possibly find user information (bad login attempts). Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/
      • immediately upgrade to version 3.1.2 to fix the vulnerability

  2. WordPress File Upload
    • Security Issue in Shortcodes reported by Ryan (https://dewhurstsecurity.com/; @ethicalhack3r). The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
    • Cross-Site Scripting (XSS) reported by Ryan (https://dewhurstsecurity.com/; @ethicalhack3r). The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
      • immediately upgrade to version 4.3.4 to fix both vulnerabilities

  3. Our only security is our ability to change. ~ John Lilly

  4. My Calendar
    • Authenticated Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com/. An authenticated user, who can add new events, can inject arbitrary javascript code via event_time_label input. The arbitrary code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized.
      • immediately upgrade to version 2.5.17 to fix the vulnerability

  5. WP Background Takeover
    • Directory Traversal reported by Colette Chamberland (@cjchamberland; https://defiant.com). Allows for an attacker to browse files via the download.php file. https://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
      • immediately upgrade to version 4.1.5 to fix the vulnerability

  6. Relevanssi
    • Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
      • immediately upgrade to version 4.0.5 to fix the vulnerability

  7. At the end of the day, the goals are simple: safety and security. ~ Jodi Rell

  8. Contact Form 7 to Database Extension
    • CSV Injection reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
      • immediately upgrade to version 2.10.36 to fix the vulnerability
      • This plugin has been closed and is no longer available for download. https://wordpress.org/plugins/contact-form-7-to-database-extension/

  9. WP Live Chat Support
    • Unauthenticated Stored XSS reported by Luigi https://www.gubello.me/blog/. An unauthenticated user can inject arbitrary javascript code in the admin panel by using the text field “Name” of WP Live Chat Support. The arbitrary code runs on the page wplivechat-menu-history. In the file wp-live-chat-support.php there is no sanitization of $result->id (row 4439). WP Live Chat Support 8.0.05 is vulnerable, probably earlier versions too.
      • immediately upgrade to version 8.0.06 to fix the vulnerability

  10. WP Image Zoom
    • Cross-Site Request Forgery (CSRF) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
      • immediately upgrade to version 1.24 to fix the vulnerability

  11. Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

  12. Responsive Cookie Consent
    • Authenticated Stored Cross-Site Scripting (XSS) reported by B0UG. A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the website.
      • immediately upgrade to version 1.8 to fix the vulnerability

  13. UK Cookie Consent
    • Authenticated Stored Cross-Site Scripting (XSS) reported by B0UG. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser.
      • immediately upgrade to version 2.3.10 to fix the vulnerability

  14. Caldera Forms
    • Multiple Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
      • immediately upgrade to version 1.6.0 to fix the vulnerability

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Related Posts

owlpower.eu
owlpower.eu
owlpower.eu