Wordpress Multiple Third Party Plugins Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in third party modules of WordPress.
- Customize Youtube Videos: cross-site scripting in "/wp-admin/admin.php?page=customize-youtube-videos"
- Copy Or Move Comments: cross-site scripting with "post_type" and "action_type" in "/wp-admin/admin-ajax.php"
- Advertisement Management: cross-site scripting in "/wp-admin/options-general.php?page=Advertising_page&action=update"
- Chief Editor: cross-site scripting in "/wp-admin/admin.php?page=chief-editor-dashboard"
- Ads In Bottom Right: cross-site scripting in /"wp-admin/options-general.php?page=ads-in-bottom-right.php"
- Google Plus One Button By KMS: cross-site request forgery and stored cross-site scripting in "/wp-admin/options-general.php?page=google-plus-one-share-button"
- 1-Click Retweet/Share/Like: cross-site scripting with "lacandsnw_networkpub_key"
- Author Manager: cross-site scripting in "/wp-admin/users.php?page=author-manager%2Fauthor_manager.php"
- F/T/G Social Widgets: cross-site scripting and cross-site request forgery with "sw_cssstyleall" and "sw_cssstylewidget" in "/wp-admin/options-general.php?page=social-widgets-options"
- Advance Categorizer: cross-site scripting with "cat" in "advance-categorizer.php"
Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress)
     
Solution   No solution for the moment.
     
CVE  
     
References   - Packet Storm : WordPress 1-Click Retweet/Share/Like 5.2 Cross Site Scripting
https://packetstormsecurity.com/files/132882/wp1click-xss.txt
Packet Storm : WordPress Advance Categorizer 0.3 Cross Site Scripting
https://packetstormsecurity.com/files/132877/wpadvancedcategorizer-xss.txt
Packet Storm : WordPress Advertisement Management 1.0 Cross Site Scripting
https://packetstormsecurity.com/files/132886/wpam-xss.txt
Packet Storm : WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting
https://packetstormsecurity.com/files/132878/wpfbtgsw-xss.txt
Packet Storm : WordPress Author Manager 1.0 Cross Site Scripting
https://packetstormsecurity.com/files/132881/wpauthormanager-xss.txt
Packet Storm : WordPress Copy Or Move Comments 1.0.0 Cross Site Scripting
https://packetstormsecurity.com/files/132905/wpcopymove-xss.txt
Packet Storm : WordPress Customize Youtube Videos 0.2 Cross Site Scripting
https://packetstormsecurity.com/files/132906/wpcytv-xss.txt
Packet Storm : WordPress Google Plus One Button By KMS 1.5.0 CSRF
XSS
https://packetstormsecurity.com/files/132880/wpgpobbk-xsrfxss.txt
Packet Storm : WordPress Chief Editor 3.6.1 Cross Site Scripting
https://packetstormsecurity.com/files/132879/wpchiefeditor-xss.txt
Packet Storm : WordPress Ads In Bottom Right 1.0 Cross Site Scripting
https://packetstormsecurity.com/files/132883/wpadsibr-xss.txt
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious tag with event found in data
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
3.2.0
XSS - Prevention - POST : 'location' javascript object found in data
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - POST : javascript code found in data
3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Prevention - POST : code allowing cookie access found in data
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - POST : 'script' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-08-03 

 Target Type 
Server 

 Possible exploit 
Remote