Wordpress Multiple Third Party Plugins Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for WordPress:#- Remote Upload: arbitrary file upload#- Ultimate Product Catalog: multiple vulnerabilities (privilege escalation, shell upload)#- CM Ad Changer: stored cross-site scripting#- Social Stream: wp-options write#- Jetpack: multiple vulnerabilities (information disclosure, unauthorized data changes, cross-site scripting)#- Advanced Access Manager: privilege escalation#- File Upload: arbitrary file upload#- EWWW Image Optimizer: remote code execution#- Contus Video Comments: file upload##Proof of concept are available.)
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - EWWW Image Optimizer: 2.8.4
     
CVE  
     
References   - vulnerability-lab : CM Ad Changer 1.7.7 WP Plugin - Cross Site Vulnerability
http://www.vulnerability-lab.com/get_content.php?id=1856
- wpvulndb : Advanced Access Manager <= 3.2.1 - Privilege Escalation
https://wpvulndb.com/vulnerabilities/8521
- Packet Storm Security : WordPress Contus Video Comments 1.0 File Upload
https://packetstormsecurity.com/files/137598/wpcvc-uploadtraversal.txt
- 0day.today : vulnerability : 0day : WordPress Ultimate Product Catalog 3.8.1 Privilege Escalation Exploit
http://0day.today/exploit/25516
- CXSecurity : WordPress Premium SEO Pack 1.9.1.3 wp_options Overwrite
https://cxsecurity.com/issue/WLB-2016060160
- wpvulndb : Jetpack <= 4.0.3 - Multiple Vulnerabilities
https://wpvulndb.com/vulnerabilities/8517
- wpvulndb : Remote Upload <= 1.2.1 - Unrestricted File Upload
https://wpvulndb.com/vulnerabilities/8515
- Exploit-DB : WordPress Social Stream Plugin 1.5.15 - wp_options Overwrite
https://www.exploit-db.com/exploits/39946/
- wpvulndb : EWWW Image Optimizer <= 2.8.3 - Remote Code Execution
https://wpvulndb.com/vulnerabilities/8513
- wpvulndb : WordPress File Upload <= 3.8.5 - Insufficient File Extension Blacklisting
https://wpvulndb.com/vulnerabilities/8527
- Packet Storm Security : WordPress Ultimate Product Catalog 3.8.6 Shell Upload ? Packet Storm
https://packetstormsecurity.com/files/137627/wpupc386-shell.txt
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
Upload of a PHP file in a vulnerable web application
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2016-06-14 

 Target Type 
Server 

 Possible exploit 
Remote