SNS Vulnerability

WordPress Third-Party Plugins Multiple Vulnerabilities

Description

(#Several vulnerabilities have been identified in third-party plugins for WordPress:#- Single Personal Message: authenticated SQL injection#- WP Support Plus Responsive Ticket System: authenticated SQL injection#- Quiz and Survey Master: stored cross-site scripting and cross-site request forgery#- Podlove Podcast Publisher: multiple SQL injection and cross-site scripting#- All in One WP Security & Firewall: cross-site scripting#- WooCommerce Tax Rates: cross-site scripting#- Stats Counter: PHP object injection#- Backup & Restore Dropbox: PHP object injection#- 404 Redirection Manager: SQL injection#- WP Private Messages: SQL injection#- ZX_CSV Upload: cross-site request forgery and SQL injection#- Xtreme Locator Dealer Locator: authenticated SQL injection#- ZM Gallery: SQL injection#- Nelio AB Testing: server side request forgery#- copy-me: cross-site request forgery##Proofs of concept are available.)

Vulnerable Products

Vulnerable Software:
WordPress (WordPress) -

Solution

- Nelio AB Testing: 4.5.9

CVE

References

- wpvulndb : Single Personal Message 1.0.3 ? Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8700
- wpvulndb : WP Support Plus Responsive Ticket System 7.1.3 ? Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8699
- wpvulndb : Quiz And Survey Master
https://wpvulndb.com/vulnerabilities/8698
- wpvulndb : Podlove Podcast Publisher
https://wpvulndb.com/vulnerabilities/8697
- wpvulndb : All In One WP Security & Firewall
https://wpvulndb.com/vulnerabilities/8696
- fortinet : WooCommerce Tax Rates Cross-Site Scripting Vulnerability
http://blog.fortinet.com/2016/12/16/woocommerce-tax-rates-cross-site-scripting-vulnerability2
- pluginvulnerabilities : PHP Object Injection Vulnerability in Stats Counter
https://www.pluginvulnerabilities.com/2016/12/15/php-object-injection-vulnerability-in-stats-counter/
- pluginvulnerabilities : PHP Object Injection Vulnerability in Backup & Restore Dropbox
https://www.pluginvulnerabilities.com/2016/12/15/php-object-injection-vulnerability-in-backup-restore-dropbox/
- pluginvulnerabilities : Authenticated Information Disclosure Vulnerability in Backup & Restore Dropbox
https://www.pluginvulnerabilities.com/2016/12/15/authenticated-information-disclosure-vulnerability-in-backup-restore-dropbox/
- exploit-db : WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection
https://www.exploit-db.com/exploits/40941
- 0day.today : Wordpress WP Private Messages 1.0.1 Plugin - SQL Injection Vulnerability
http://0day.today/exploits/26552
- pluginvulnerabilities : Cross-Site Request Forgery (CSRF)/Database Update Vulnerability in ZX_CSV Upload
https://www.pluginvulnerabilities.com/2016/12/19/cross-site-request-forgery-csrfdatabase-update-vulnerability-in-zx_csv-upload/
- wpvulndb : Xtreme Locator Dealer Locator Plugin 1.5 ? Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8704
- wpvulndb : ZM Gallery 1.0 ? Authenticated Blind SQL Injection
https://wpvulndb.com/vulnerabilities/8703
- wpvulndb : ZX_CSV Upload 1 ? Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8702
- wpvulndb : Nelio AB Testing <= 4.5.8 - Server Side Request Forgery (SSRF)
https://wpvulndb.com/vulnerabilities/8705
- security : copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts
https://security.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
SQL injection Prevention - GET : block comment delimiters in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	5.0.0
XSS - Prevention - POST : javascript code found in data	5.0.0
XSS - Prevention - POST : suspicious tag with event found in data	5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
XSS - Prevention - POST : 'location' javascript object found in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL	5.0.0
XSS - Prevention - POST : code allowing cookie access found in data	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement	5.0.0
XSS - Prevention - POST : 'script' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL	5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	5.0.0

Risk level

High

Vulnerability First Public Report Date

2016-12-14

Target Type

Client + Server

Possible exploit

Remote