Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Description
(#Multiple vulnerabilities have been identified in third-party plugins for Wordpress:#- VideoWhisper Video Presentation: cross-site scripting in the "stream" parameter of the "wp-admin/admin-ajax.php" script when the "action" parameter is set to "vwcns_trans"##- Contest Gallery: cross-site scripting in the "GalleryID" parameter of the "./wp-fastest-cache/contest-gallery/nav-gallery.php" script##- Fastest Cache: cross-site scripting in the "error_message" parameter of the "./wp-fastest-cache/templates/update_error.php" script##- Role Scoper: cross-site scripting in the "object_name" parameter of the "/wp-admin/admin.php" script when the "page" parameter is set to value "rs-object_role_edit" (CVE-2015-8353)##- Ultimate Member: cross-site scripting in the "_refer" parameter of the "wp-admin/users.php" script, when "update" is set to value "confirm_delete" (CVE-2015-8354)##- Gwolle Guestbook: remote file inclusion in the "abspath" parameter of the "./gwolle-gb/frontend/captcha/ajaxresponse.php" script (CVE-2015-8351)##- Calls to Action: two cross-site scripting (CVE-2015-8350)##- Users Ultra: blind SQL injection##- Users Ultra: stored cross-site scripting in the "p_name" parameter of the "wp-admin/admin.php" script when the "page" parameter is set to "userultra".##Proofs of concept are available.)
