WordPress Multiple Third Party Plugins Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in WordPress third-party plugins:
- dzs-zoomsounds: arbitrary file upload via "admin/upload.php"
- Store Locator Plus: data injection allowing modification of the recipient of an email
- Incoming Links: cross-site scripting in "referrers.php"
- Esplanade: cross-site scripting in "theme-options.php"
- Ultimate Social Media and Share Icons: cross-site scripting in "sfsi_buttons_controller.php"
- Formidable Forms: information disclosure in "FrmFormsController.php"
- UserPro: cross-site scripting in "login/?redirect_to"
- XCloner: cross-site scripting in "functions.php"
- Coppermine Photo Gallery: open redirect in "mode.php" (CVE-2015-3922)
- Coppermine Photo Gallery: open redirect in "referer" (CVE-2015-3921)
- LeagueManager: SQL injection via "getMatch()"
- Simple Share Buttons Adder: cross-site scripting via "hello-world"
- Codestyling Localization: several remote code execution vulnerabilities exploitable via cross-site request forgery
- N-Media Website: local file inclusion
- zM Ajax Login and Register: local file inclusion
- grand-media: several vulnerabilities such as cross-site scripting, local file inclusion and denial of service
- wp-mobile-edition: several vulnerabilities such as local file inclusion and denial of service
- wp-fastest-cache: cross-site scripting
- leaflet-maps-marker: cross-site scripting
- landing-pages: cross-site scripting in admin session
- extended-catagories-widget: undisclosed vulnerability
- gallery-images: cross-site scripting in admin session
- gallery-video: cross-site scripting in admin session
- easy-google-fonts: cross-site scripting in admin session
- cta: cross-site scripting and cross-site request forgery in admin session
- constant-contact-api: cross-site scripting
Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress)
     
Solution   New versions of the following plugins fix these vulnerabilities:
- Store Locator Plus: 4.2.27
- Incoming Links: 0.9.10b
- Esplanade: 1.1.5
- Ultimate Social Media and Share Icons: 1.1.1.12
- Formidable Forms: 2.0.08
- Coppermine Photo Gallery: 1.5.36
- Simple Share Buttons Adder: 6.0.1
- N-Media Website: 1.6
- zM Ajax Login and Register: 1.1.0
     
CVE   CVE-2015-4153
CVE-2015-3922
CVE-2015-3921
     
References
- Exploit-db: WordPress dzs-zoomsounds Plugins Remote File Upload Vulnerability
  https://www.exploit-db.com/exploits/37166/
- Wpvulndb: Store Locator Plus Email Injection
  https://wpvulndb.com/vulnerabilities/8016
- Wpvulndb: Incoming Links referrers.php XSS
  https://wpvulndb.com/vulnerabilities/8015
- Wpvulndb: Esplanade Reflected XSS
  https://wpvulndb.com/vulnerabilities/8017
- G0blin: Ultimate Social Media and Share Icons 1.1.1.11
  https://research.g0blin.co.uk/g0blin-00052/
- G0blin: Formidable Forms 2.0.07
  https://research.g0blin.co.uk/g0blin-00049/
- Packetstormsecurity: WordPress UserPro 2.33 Cross Site Scripting
  https://packetstormsecurity.com/files/132114/wpuserpro-xss.txt
- Packetstormsecurity: WordPress Xloner 3.1.2 XSS Command Execution
  https://packetstormsecurity.com/files/132107/xloner-execxss.txt
- Packetstormsecurity: CVE-2015-3922
  https://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html
- Packetstormsecurity: CVE-2015-3921
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3921
- Wpvulndb: LeagueManager 3.9.11 SQL Injection
  https://wpvulndb.com/vulnerabilities/8023
- Wpvulndb: Simple Share Buttons Adder Reflected XSS
  https://wpvulndb.com/vulnerabilities/8021
- Seclists: CVE requests Advisory: Codestyling Localization
  http://seclists.org/oss-sec/2015/q2/614
- Wpvulndb: N-Media Website Contact Form with File Upload Local File Inclusion
  https://wpvulndb.com/vulnerabilities/8024
- Wpvulndb: zM Ajax Login and Register Local File Inclusion
  https://wpvulndb.com/vulnerabilities/8025
- Seclists: CVE-2015-4153 WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
  http://seclists.org/bugtraq/2015/Jun/22
- Seclists: CVE Request multiple WordPress plugins and themes
  http://seclists.org/oss-sec/2015/q2/573
- Exploit-db: WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion
  https://www.exploit-db.com/exploits/37200/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm (Available Since)
- XSS - Prevention - GET : suspicious 'iframe' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'meta' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious tag with event found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'applet' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'div' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'style' attribute found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'img' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'a' tag found in URL (3.2.0)
- XSS - Prevention - GET : cookie access attempt using script language found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'embed' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'object' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'form' tag found in URL (3.2.0)
- XSS - Prevention - GET : javascript code found in URL (3.2.0)
- XSS - Prevention - GET : evasion attempt using tag characters encoding in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'style' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'link' tag found in URL (3.2.0)
- XSS - Prevention - GET : 'script' tag found in URL (3.2.0)
- XSS - Prevention - GET : 'location' javascript object found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'div' tag found in URL (3.2.0)
- Site with open redirect (4.0.0)
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2015-05-30 

 Target Type 
Server 

 Possible exploit 
Remote