WordPress Third-Party Plugins Multiple Vulnerabilities
Description
Several vulnerabilities have been identified in third-party plugins for WordPress:
- wp-mailinglist: file upload and cross-site request forgery
- WP Booking System: CVE-2017-2168: cross-site scripting
- plugin surveys: CVE-2017-1002020, CVE-2017-1002021, CVE-2017-1002022: multiple SQL injections
- eventr: CVE-2017-1002018, CVE-2017-1002019: multiple blind SQL injections
- gift-certificate-creator: CVE-2017-1002017: content injection
- Newsletter Supsystic: cross-site scripting
- All In One Schema.org Rich Snippets: cross-site scripting
- Huge-IT Video Gallery: SQL injection
- AffiliateWP: cross-site scripting (authenticated)
- dopts: file upload
- Easy Team Manager: blind SQL injection
- MaxButtons: cross-site scripting (authenticated)
- WP Booking System: stored cross-site scripting (authenticated)
- Multiple BestWebSoft Plugins: several cross-site scripting
- Surveys: SQL injection (authenticated)
- Social-Stream: Twitter API key disclosure
- Raygun4WP: reflected cross-site scripting
- Simple Slideshow Manager: cross-site scripting
- No External Links: cross-site scripting
- Tribulant Newsletters: local file inclusion and multiple cross-site scripting
- WP Editor.MD: CVE-2017-9336: stored cross-site scripting
- Markdown on Save Improved: CVE-2017-9337: stored cross-site scripting.

Proofs of concept are available.
Vulnerable Products
Vulnerable Software:
WordPress (WordPress) -
Solution
- Tribulant Newsletters: 4.6.5.4
CVE
CVE-2017-9337
CVE-2017-9336
CVE-2017-2168
CVE-2017-1002022
CVE-2017-1002021
CVE-2017-1002020
CVE-2017-1002019
CVE-2017-1002018
CVE-2017-1002017
References
- cxsecurity : Wordpress plugins wp-mailinglist upload File Vulnerability | CSRF
https://cxsecurity.com/issue/WLB-2017050149
- jvndb : Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2017-2168
http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000092.html
- vapid : SQL Injection in Wordpress plugin surveys v1.01.8
http://www.vapid.dhs.org/advisory.php?v=193
- vapid : Blind SQL Injection in Wordpress plugin eventr v1.02.2
http://www.vapid.dhs.org/advisory.php?v=192
- vapid : Content Injection Vulnerability in Wordpress plugin gift-certificate-creator v1.0
http://www.vapid.dhs.org/advisory.php?v=191
- cxsecurity : WordPress Newsletter Supsystic 1.1.7 Cross Site Scripting
https://cxsecurity.com/issue/WLB-2017050167
- bugtraq : DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability
http://seclists.org/bugtraq/2017/May/56
- bugtraq : DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability
http://seclists.org/bugtraq/2017/May/57
- bugtraq : DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability
http://seclists.org/bugtraq/2017/May/58
- cxsecurity : Wordpress plugins dopts upload File Vulnerability
https://cxsecurity.com/issue/WLB-2017050173
- vapid : Blind SQL Injection in Wordpress Plugin Easy Team Manager v1.3.2
http://www.vapid.dhs.org/advisory.php?v=194
- wpvulndb : WordPress Button Plugin MaxButtons <= 6.18 - Authenticated Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8831
- wpvulndb : WP Booking System <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8830
- Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting
https://jvn.jp/en/jp/JVN24834813/index.html
- wpvulndb : Surveys 1.01.8 - Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8833
- wpvulndb : AffiliateWP <= 2.0.9 - Authenticated Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8835
- wpvulndb : All In One Schema.org Rich Snippets <= 1.4.4 - Authenticated Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8834
- cxsecurity : WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
https://cxsecurity.com/issue/WLB-2017050202
- wpvulndb : Raygun4WP <= 1.8.0 - Unauthenticated Reflected XSS
https://wpvulndb.com/vulnerabilities/8836
- bugtraq : DefenseCode ThunderScan SAST Advisory: WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities
http://seclists.org/bugtraq/2017/May/72
- defensecode : WordPress No External Links Plugin Security Vulnerability
http://defensecode.com/advisories/DC-2017-01-022_WordPress_No_External_Links_Plugin_Advisory.pdf
- defensecode : WordPress Tribulant Newsletters Plugin Multiple Security Vulnerabilities
http://defensecode.com/advisories/DC-2017-01-012_WordPress_Tribulant_Newsletters_Plugin_Advisory.pdf
- lncken : The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. CVE-2017-9336
http://lncken.cn/?p=258
- The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. CVE-2017-9337
http://lncken.cn/?p=279
Vulnerability Manager Detection
No
IPS Protection
ASQ Engine alarm (Available Since)
- XSS - Prevention - GET : suspicious 'iframe' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'meta' tag found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious OR statement in URL (3.2.0)
- XSS - Prevention - GET : suspicious tag with event found in URL (3.2.0)
- XSS - Prevention - POST : suspicious 'meta' tag found in data (3.2.0)
- XSS - Prevention - GET : suspicious 'applet' tag found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL (3.2.0)
- SQL injection Prevention - GET : suspicious CREATE statement in URL (3.2.0)
- SQL injection Prevention - GET : suspicious CAST statement in URL (3.2.0)
- SQL injection Prevention - GET : suspicious OPENROWSET statement in URL (3.2.0)
- SQL injection Prevention - GET : suspicious DECLARE statement in URL (3.2.0)
- XSS - Phishing : suspicious 'div' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'style' attribute found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'img' tag found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious OPENQUERY statement in URL (3.2.0)
- SQL injection Prevention - GET : suspicious shutdown statement in URL (3.2.0)
- XSS - Prevention - POST : suspicious 'img' attribute found in data (3.2.0)
- Directory traversal (3.2.0)
- SQL injection Prevention - GET : suspicious UNION SELECT statement in URL (3.2.0)
- SQL injection Prevention - GET : possible database version probing (3.2.0)
- XSS - Phishing : suspicious 'a' tag found in URL (3.2.0)
- XSS - Prevention - GET : cookie access attempt using script language found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious UPDATE SET statement in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'embed' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'object' tag found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious SELECT statement in URL (3.2.0)
- XSS - Phishing : suspicious 'form' tag found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious INSERT statement in URL (3.2.0)
- XSS - Prevention - GET : javascript code found in URL (3.2.0)
- SQL injection Prevention - GET : suspicious DROP statement in URL (3.2.0)
- SQL injection Prevention - GET : suspicious EXEC statement in URL (3.2.0)
- XSS - Prevention - GET : evasion attempt using tag characters encoding in URL (3.2.0)
- SQL injection Prevention - GET : block comment delimiters in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'style' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'link' tag found in URL (3.2.0)
- XSS - Prevention - GET : 'script' tag found in URL (3.2.0)
- XSS - Prevention - GET : 'location' javascript object found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'div' tag found in URL (3.2.0)
- SQL injection Prevention - Cookie : suspicious DROP statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious CREATE statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious OPENQUERY statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious DECLARE statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : possible version probing in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious INSERT statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious OPENROWSET statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious EXEC statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious UNION statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious HAVING statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious SELECT statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious CAST statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious UPDATE statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious OR statement in Cookie (3.5.0)
- SQL injection Prevention - Cookie : suspicious DROP statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious EXEC statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : possible version probing in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious CAST statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious SELECT statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious CREATE statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious HAVING statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious OPENQUERY statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious OR statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious DECLARE statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious INSERT statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious UPDATE statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious OPENROWSET statement in Cookie (4.1.2)
- SQL injection Prevention - Cookie : suspicious UNION statement in Cookie (4.1.2)
- XSS - Prevention - POST : suspicious 'style' tag found in data (5.0.0)
- XSS - Prevention - POST : javascript code found in data (5.0.0)
- SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in HTTP header (5.0.0)
- XSS - Prevention - POST : suspicious tag with event found in data (5.0.0)
- SQL injection Prevention - POST : suspicious UPDATE statement in data (5.0.0)
- XSS - Prevention - POST : suspicious 'embed' tag found in data (5.0.0)
- SQL injection Prevention - POST : suspicious SELECT statement in data (5.0.0)
- XSS - Prevention - POST : 'location' javascript object found in data (5.0.0)
- Upload of a PHP file in a vulnerable web application (5.0.0)
- SQL injection Prevention - POST : suspicious DECLARE statement in data (5.0.0)
- SQL injection Prevention - POST : suspicious OPENROWSET statement in data (5.0.0)
- SQL injection Prevention - POST : suspicious OPENQUERY statement in data (5.0.0)
- SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL (5.0.0)
- XSS - Prevention - POST : code allowing cookie access found in data (5.0.0)
- SQL injection Prevention - POST : suspicious CAST statement in data (5.0.0)
- SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements (5.0.0)
- SQL injection Prevention - POST : suspicious EXEC statement in data (5.0.0)
- SQL injection Prevention - POST : suspicious CREATE statement in data (5.0.0)
- SQL injection Prevention - POST : suspicious INSERT statement in data (5.0.0)
- SQL injection Prevention - GET : Authentication bypass attempt with OR statement (5.0.0)
- XSS - Prevention - POST : 'script' tag found in data (5.0.0)
- RCE attempt using Java serialized class known to be vulnerable to unsafe deserialization (5.0.0)
- SQL injection Prevention - POST : suspicious DROP statement in data (5.0.0)
- XSS - Prevention - POST : suspicious 'style' attribute found in data (5.0.0)
- SQL injection Prevention - POST : suspicious HAVING statement in data (5.0.0)
- XSS - Prevention - POST : suspicious 'applet' tag found in data (5.0.0)
- SQL injection Prevention - POST : suspicious UNION statement in data (5.0.0)
- XSS - Prevention - POST : suspicious 'div' tag found in data (5.0.0)
- SQL injection Prevention - POST : suspicious OR statement in data (5.0.0)
- XSS - Prevention - POST : suspicious 'img' attribute found in data (5.0.0)
- XSS - Prevention - POST : suspicious 'meta' tag found in data (5.0.0)
- XSS - Prevention - POST : suspicious 'object' tag found in data (5.0.0)
- SQL injection Prevention - POST : possible version probing in data (5.0.0)
- SQL injection Prevention - GET : suspicious SQL keywords in URL (5.0.0)
- XSS - Prevention - POST : suspicious 'iframe' tag found in data (5.0.0)
Risk level
High
Vulnerability First Public Report Date
2017-05-24
Target Type
Client + Server
Possible exploit
Remote