Description
Several vulnerabilities have been identified in third-party plugins for WordPress:
- W3 Total Cache: post-authentication cross-site scripting in the "request_id" variable of the "support" section
- N-Media Website Contact Form with File Upload: file upload located in the "restrict.php" script file
- Viral Optins: file upload via cross-site request forgery
- Order Export Import for WooCommerce: order information disclosure

Proofs of concept are available.
Vulnerable Products
Vulnerable Software: WordPress (WordPress) -
Solution
Version 1.0.9 of Order Export Import for WooCommerce fixes the vulnerability affecting it.
CVE
References
- wpvulndb : Order Export Import for WooCommerce 1.0.8 - Order Information Disclosure
https://wpvulndb.com/vulnerabilities/8624
- Full Disclosure: XSS Wordpress W3 Total Cache <= 0.9.4.1
http://seclists.org/fulldisclosure/2016/Sep/52
- 0day.today : WordPress Viral Optins Plugin CSRF File Upload Vulnerability
http://0day.today/exploit/25740
- wpvulndb : N-Media Website Contact Form with File Upload - Arbitrary File Upload
https://wpvulndb.com/vulnerabilities/8623
Vulnerability Manager Detection
No
IPS Protection