Description
Several vulnerabilities have been identified in third-party plugins for WordPress:
- WP Front End Profile: privilege escalation via POST request on the "wp_capabilities" and "wp_user_level" fields, as well as a stored cross-site scripting vulnerability via the "testing_field" field
- Advanced ads Management: post-authentication stored cross-site scripting
- Order Export Import for WooCommerce: order information disclosure via the "page" and "action" parameters.

Proofs of concept are available.
Vulnerable Products
Vulnerable Software: WordPress (WordPress) -
Solution
- Order Export Import for WooCommerce: 1.0.9
CVE
References
- wpvulndb : WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting
https://wpvulndb.com/vulnerabilities/8620
- wpvulndb : Advanced ads Management 1.3 - Authenticated Stored Cross-Site Scripting
https://wpvulndb.com/vulnerabilities/8621
- exploit-db : WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
https://www.exploit-db.com/exploits/40391
Vulnerability Manager Detection
No
IPS Protection