SNS Vulnerability

Wordpress Multiple Third Party Plugins Vulnerabilities

Description

(#Several vulnerabilities have been identified in third-party plugins for WordPress:#- event-registration: SQL injections in the "evt_public-process_confirmation.php" source file and exploitable via the "token" and "questions" POST parameters##- event-registration: stored cross-site scripting in attendee's first name and last name fields on registration confirmation (evr_public-process_confirmation.php)##- nelio-ab-testing: path traversal##- enhanced-tooltipglossary: reflected cross-site scripting in the "itemsnumber" GET parameter of the "enhanced-tooltipglossary/backend/views/admin_importexport.php" page##- tera-charts: reflected cross-site scripting in the "fn" and "userid" GET parameters of the "tera-charts/charts/treemap.php" page##- pondol-carousel: reflected cross-site scripting in the "itemid" GET parameter of the "pondol-carousel/pages/admin_create.php" page##- Simple Photo Gallery: stored cross-site scripting in the "name" field of galleries and albums##- Fluid Responsive Slideshow: cross-site request forgery in the "frst_save()" AJAX handler##- Fluid Responsive Slideshow: reflected cross-site scripting in the "skin" GET parameter.##Proofs of concept are available.)

Vulnerable Products

Vulnerable Software:
WordPress (WordPress) -

Solution

- Fluid Responsive Slideshow: 2.2.7.

CVE

References

- Bugtraq: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS
http://seclists.org/bugtraq/2016/May/34
- WPScan Vulnerability Database : Fluid Responsive Slideshow <= 2.2.6 - CSRF & XSS
https://wpvulndb.com/vulnerabilities/8498
- oss-sec: Request CVE ID for Simple Photo Gallery 1.8.0 - Stored XSS
http://seclists.org/oss-sec/2016/q2/324
- oss-sec: Reflected XSS in three Wordpress plugins.
http://seclists.org/oss-sec/2016/q2/323
- oss-sec: WordPress plugin nelio-ab-testing path traversal vulnerability
http://seclists.org/oss-sec/2016/q2/297

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL	3.2.0
Misc : Directory traversal - parameter starting with ../	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
Directory traversal using ..\..	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	3.2.0
Directory traversal	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
Directory traversal backward root folder	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	5.0.0
XSS - Prevention - POST : javascript code found in data	5.0.0
XSS - Prevention - POST : suspicious tag with event found in data	5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
XSS - Prevention - POST : 'location' javascript object found in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
XSS - Prevention - POST : code allowing cookie access found in data	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
XSS - Prevention - POST : 'script' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2016-05-09

Target Type

Client + Server

Possible exploit

Remote