Wordpress Multiple Third Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third party plugins for WordPress:#- Neuvoo-Jobroll: cross-site scripting in two GET parameters "neuvoo_location" and "neuvoo_keywords" from the "index.php"##- wp-file-upload: remote arbitrary file upload due to improper filtering of file extensions##- Fastest Cache: SQL blind injection. This vulnerability is located in the "poll_id" parameter from the "wp-fastest-cache\inc\wp-polls.php" page##- BuddyPress: security bypass. A remote attacker could exploit it to gain administrator rights##- miniaudioplayer: remote arbitrary file upload by using "http://victim.com/wp-content/plugins/wp-miniaudioplayer/map_download.php?fileurl="##- Types: cross-site scripting. A remote attacker could exploit it in order to execute arbitrary Javascript or HTML code by inciting their victim into following a specially formed link.##Proofs of concept are available.)
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - Types: 1.8.8
     
CVE  
     
References   - packetstorm : WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting
https://packetstormsecurity.com/files/134240/wpneuvoojobroll-xss.txt
- wpvulndb : WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload
https://wpvulndb.com/vulnerabilities/8226
- exploit-db : WordPress WP Fastest Cache Plugin 0.8.4.8 - Blind SQL Injection
https://www.exploit-db.com/exploits/38678/
- szyurek : WP Fastest Cache 0.8.4.8 Blind SQL Injection
http://security.szurek.pl/wp-fastest-cache-0848-blind-sql-injection.html
- wpvulndb : BuddyPress <= 2.3.4 - Authenticated Privilege Escalation
https://wpvulndb.com/vulnerabilities/8230
- 0day : WordPress wp-miniaudioplayer plugin Arbitrary File Download Vulnerability
http://0day.today/exploit/24536
- wpvulndb : Types <= 1.8.7.2 - Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8228
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
Misc : Directory traversal - parameter starting with ../
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
Directory traversal using ..\..
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
Directory traversal
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
Directory traversal backward root folder
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data
5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data
5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data
5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data
5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data
5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data
5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data
5.0.0
SQL injection Prevention - POST : suspicious OR statement in data
5.0.0
SQL injection Prevention - POST : possible version probing in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-11-12 

 Target Type 
Server 

 Possible exploit 
Remote