Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Description
Several vulnerabilities have been identified in third-party plugins for WordPress:

- WP User Frontend: arbitrary file upload through the 'wpuf_file_upload' or 'wpuf_insert_image' actions
- WooCommerce - Store Toolkit: privilege escalation
- Newsletter Pro: open redirect through the base64-encoded 'nr' parameter sent to the 'do.php' page
- Clikstats: open redirect through the 'Ck_lnk' parameter sent to the 'ck.php' page
- InstaLinker: cross-site scripting through the 'client_id' parameter sent to the 'instalinker-admin-preview.php' page
- Woocomerce Currency Switcher: cross-site scripting through parameters processed by the '/wp-content/plugins/woocomerce-currency-switcher/index.php' page
- wp-miniaudioplayer: open proxy and local file disclosure through the 'fileurl' parameter sent to the 'map_download.php' page after setting the 'mapdownload' cookie to 'True'. This vulnerability results from an incomplete fix of the one described in the LexID 25093 security advisory.
- Duplicator: cross-site request forgery
- Recent Posts Widget Extended: post-authentication cross-site scripting
- Sola Support Ticket: cross-site scripting. Exploiting this vulnerability requires access to wp-admin
- ALO EasyMail Newsletter: cross-site scripting and cross-site request forgery through the '/wordpress4.4/wp-admin/edit.php?post_type=newsletter&page=alo-easymail/pages/alo-easymail-admin-options.php' page
- Universal Analytics: cross-site scripting
- Bloom & Monarch: privilege escalation through an unspecified vector

Proofs of concept are available.