Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Description
Several vulnerabilities have been identified in plugins for WordPress:
- MDC Private Message: cross-site scripting located in the "message" field
- Googmonify: cross-site forgery request and cross-site scripting
- Rocket Responsive Gallery: cross-site scripting located in the "image label" field
- GeoPlaces3: arbitrary file upload located in the "upload.php" web page
- WP-Polls: cross-site scripting located in the "svg onload" parameter of the "polls-add.php" page
- Car Rental System: SQL injection located in the "pickuploc" and "dropoff" parameters
- YouTube Embed: cross-site scripting located in the "Profile name" field (CVE-2015-6535)
- Navis DocumentCloud: cross-site scripting located in the "wpbase" field of the "window.php" web page
- Private Only: cross-site scripting located in the "po_logo" field of the "privateonly.php" web page.
- Amazonify: cross-site scripting located in the "TrackingID" parameter of the "amazonify.php" web page
- NextGen Gallery: local file include.
Proofs of concept are available.
New versions of the following plugins fix the vulnerabilities impacting them:- MDC Private Message: 1.0.1- rocket-responsive-gallery: 1.2- wp-polls: 2.70- Car Rental System: 3.1- YouTube Embed: 3.3.3- Navis DocumentCloud: 0.1.1
