Description
Several vulnerabilities were reported in third-party plugins for WordPress:

- Content Text Slider on Post 6.8: persistent cross-site scripting in the "page" parameter of the "options-general.php" file
- Captcha 4.0.2: cross-site scripting in the "cptch_label_form", "cptch_required_symbol" and "bws_license_key" parameters of the "wp-admin/admin.php?page=captcha.php" script
- Limit Attempts 1.0.3: cross-site scripting in the "lmtttmpts_add_to_blacklist", "lmtttmpts_add_to_whitelist" and "bws_license_key" parameters of the "wp-admin/admin.php?page=limit-attempts.php&tab=[blacklist | whitelist | go_pro]" script
- Limit Attempts 1.0.3: cross-site request forgery in the "lmtttmpts_add_to_blacklist" and "lmtttmpts_add_to_whitelist" parameters of the "wp-admin/admin.php?page=limit-attempts.php&tab=[blacklist | whitelist]" script
- WooCommerce 2.4.12: PHP code injection in the "items_per_page" parameter
- Gallery Master 1.0.22: persistent cross-site scripting in the "gallery_title" and "gallery_description" fields of the "gallery-master/views/galleries/manage_galleries.php" script
- weever-apps-20-mobile-web-apps: arbitrary file upload in the "qqfile" parameter of the "weever-apps-20-mobile-web-apps/file-upload.php" script
- Facebook Like Button 2.32: cross-site scripting in the "fcbkbttn_link" parameter of the "wp-admin/admin.php?page=facebook-button-plugin.php" script
- Email Queue 1.0.0: cross-site request forgery in the "action" parameter of the "admin.php?page=mlq_settings" script
- Google Adsense 1.29: persistent cross-site scripting in the "custom email" field of the "wp-admin/admin.php?page=bws_plugins&action=system_status" script
- Donate 2.0.1: cross-site scripting in the "dnt_paypal_purpose" parameter of the "wp-admin/admin.php?page=donate.php" script
- Contact Form To DB 1.4.0: cross-site scripting in the "bws_license_key" parameter of the "wp-admin/admin.php?page=contact_form_to_db.php&action=go_pro" script
- User Role 1.4.1: cross-site scripting in the "bws_license_key" parameter of the "wp-admin/admin.php?page=user-role.php&action=go_pro" script
- Twitter 2.37: cross-site scripting in the "bws_license_key" and "twttr_url_twitter" parameters of the "wp-admin/admin.php?page=twitter.php&action=go_pro" script
- Social Essentials Social Stats And Sharing Buttons 1.3.1: persistent cross-site scripting in the "se_settings_twitter_username" parameter of the "wp-admin/admin.php?page=social-essentils-setup" script
- Sender 0.7: cross-site scripting in the "bws_license_key", "sndr_from_custom_name" and "sndr_from_email" parameters of the "wp-admin/admin.php?page=sndr_setting" script
- Sender 0.7: cross-site request forgery in the "sndr_user_name[subscriber]", "sndr_subject" and "sndr_content" parameters of the "wp-admin/admin.php?page=sndr_send_user" script
- Relevant Related Posts 1.0.7: persistent cross-site scripting in the "rltdpstsplgn_options[head]" and "rltdpstsplgn_options[no_posts]" parameters of the "wp-admin/admin.php?page=related-posts-plugin.php" script
- Quotes And Tips 1.19: persistent cross-site scripting in the "qtsndtps_tip_label" and "qtsndtps_quote_label" parameters of the "wp-admin/admin.php?page=quotes-and-tips.php" script
- Portfolio 2.27: cross-site scripting in the "tag-slug", "prtfl_date_text_field", "prtfl_link_text_field", "prtfl_shrdescription_text_field", "prtfl_description_text_field", "prtfl_svn_text_field", "prtfl_executor_text_field", "prtfl_screenshot_text_field" and "prtfl_technologies_text_field" parameters of the "wp-admin/admin.php?page=portfolio.php" script
- PDF And Print 1.7.4: cross-site scripting in the "bws_license_key" parameter of the "wp-admin/admin.php?page=pdf-print.php&action=go_pro" script
- Simple Booking Calendar 1.3: cross-site request forgery in the "action" parameter of the "wp-admin/admin.php?page=wp-simple-booking-calendar&action=delete" script
- Contact Form 3.81: cross-site scripting in the "bws_license_key" parameter of the "wp-admin/admin.php?page=contactform.php&action=go_pro" script