WordPress Third-Party Modules Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in third-party plugins for WordPress:
- WP Google Maps: stored cross-site scripting and cross-site request forgery
- W3 Total Cache: weak validation of Amazon SNS messages, information disclosure and cross-site request forgery
- 404 to 301: stored cross-site scripting
- Calendar: cross-site scripting
- XCloner: directory traversal, remote code execution and cross-site request forgery
- Post Grid: file deletion
- Caldera Forms: cross-site scripting
- Quotes Collection: reflected cross-site scripting
- WassUp Real Time Analytics: stored cross-site scripting
- YITH WooCommerce Compare: PHP injection.

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - YITH WooCommerce Compare: 2.1.0.
     
CVE  
     
References   - pluginvulnerabilities : File Deletion Vulnerability in Post Grid | Plugin Vulnerabilities
https://www.pluginvulnerabilities.com/2016/11/08/file-deletion-vulnerability-in-post-grid/
- cxsecurity : WordPress Calendar 1.3.7 Cross Site Scripting - CXSecurity.com
https://cxsecurity.com/issue/WLB-2016110080
- cxsecurity : WordPress XCloner 3.1.5 Denial Of Service / Code Execution - CXSecurity.com
https://cxsecurity.com/issue/WLB-2016110081
- Summer of Pwnage : Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin
https://sumofpwn.nl/advisory/2016/weak_validation_of_amazon_sns_push_messages_in_w3_total_cache_wordpress_plugin.html
- cxsecurity : WordPress 404 To 301 2.2.8 Cross Site Scripting - CXSecurity.com
https://cxsecurity.com/issue/WLB-2016110079
- Summer of Pwnage : Information disclosure race condition in W3 Total Cache WordPress Plugin
https://sumofpwn.nl/advisory/2016/information_disclosure_race_condition_in_w3_total_cache_wordpress_plugin.html
- wpvulndb : Caldera Forms <= 1.3.5.3 - Cross Site Scripting
https://wpvulndb.com/vulnerabilities/8650
- wpvulndb : WassUp Real Time Analytics <= 1.9 - Cross Site Scripting
https://wpvulndb.com/vulnerabilities/8651
- wpvulndb : Calendar <= 1.3.7 - Cross Site Scripting
https://wpvulndb.com/vulnerabilities/8652
- Summer of Pwnage : Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_wp_google_maps_plugin_via_csrf.html
- wpvulndb : Quotes Collection - Reflected Cross Site Scripting
https://wpvulndb.com/vulnerabilities/8649
- wpvulndb : YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object injection
https://wpvulndb.com/vulnerabilities/8648
- oss-sec : Multiple vulnerabilities affecting five WordPress Plugins (XSS & object injection)
http://seclists.org/oss-sec/2016/q4/357
- pluginvulnerabilities : Cross-Site Request Forgery (CSRF)/File Deletion Vulnerability in XCloner | Plugin Vulnerabilities
https://www.pluginvulnerabilities.com/2016/11/10/cross-site-request-forgery-csrffile-deletion-vulnerability-in-xcloner/
- Summer of Pwnage : Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin
https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_w3_total_cache_plugin.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 3.2.0
Directory traversal | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
Code injection in HTTP User-Agent detected | 4.1.2
XSS - Prevention - POST : suspicious 'style' tag found in data | 5.0.0
XSS - Prevention - POST : javascript code found in data | 5.0.0
XSS - Prevention - POST : suspicious tag with event found in data | 5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data | 5.0.0
XSS - Prevention : suspicious tag or javascript found in header | 5.0.0
XSS - Prevention : suspicious 'document.cookie' found in header | 5.0.0
XSS - Prevention - POST : 'location' javascript object found in data | 5.0.0
XSS - Prevention - POST : code allowing cookie access found in data | 5.0.0
Serialized PHP object in HTTP header | 5.0.0
XSS - Prevention - POST : 'script' tag found in data | 5.0.0
XSS - Prevention : suspicious 'script' tag found in header | 5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data | 5.0.0
     
Risk level   Moderate

Vulnerability First Public Report Date   2016-11-08

Target Type   Server

Possible exploit   Remote