WordPress Multiple Third Party Plugins Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in third-party modules of WordPress:
- MainWP: unspecified vulnerability
- MP3-jPlayer: information disclosure located in the "mp3" parameter in the "download.php" page
- monetize: cross-site scripting located in the "class-monetize-zones-list-table.php" page
- Bookmarkify: cross-site scripting located in the "bookmarkify.php" page
- Avenir-Soft Direct Download: cross-site scripting located in the "admin.php" page
- Symposium: unauthenticated SQL injection located in the "size" parameter of the "get_album_item.php" web page (CVE-2015-6522)
- FileDownload: cross-site scripting located in the "referer" parameter of the "download.php" web page
- FileDownload: open redirect vulnerability located in the "download.php" web page
- Statistics: cross-site scripting located in the "top-referring.php" web page
- Google Analytics by Yoast: cross-site scripting.

Proofs of concept are available for these vulnerabilities.

Updated, 01/12/2016:
Exploit code has been added to the Metasploit framework for the CVE-2015-6522 vulnerability.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) - 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, ..., 4.2, 4.2.1, 4.2.2, 4.2.3,
     
Solution   - Google Analytics by Yoast: 5.4.5.
     
CVE   CVE-2015-6522
     
References   - WordPress : mainwp
https://plugins.trac.wordpress.org/changeset/1214999/mainwp
- PacketStorm : WordPress MP3-jPlayer 2.3.2 Path Disclosure
https://packetstormsecurity.com/files/132984/wpmp3jplayer232-disclose.txt
- PacketStorm : WordPress Monetize 1.03 Cross Site Request Forgery / Cross Site Scripting
https://packetstormsecurity.com/files/133002/wpmonetize-xssxsrf.txt
- PacketStorm : WordPress Bookmarkify 2.9.2 Cross Site Request Forgery / Cross Site Scripting
https://packetstormsecurity.com/files/133001/wpbookmarkify-xssxsrf.txt
- PacketStorm : WordPress Avenir-Soft Direct Download 1.0 XSS / CSRF
https://packetstormsecurity.com/files/132992/wpavenirsoft-xssxsrf.txt
- WordPress : wp-symposium
https://plugins.trac.wordpress.org/changeset/1214872/wp-symposium
- PacketStorm : WordPress Filedownload 1.4 Open Proxy
https://packetstormsecurity.com/files/132959/wpfiledownload-proxy.txt
- WordPress: Changeset 1215995
https://plugins.trac.wordpress.org/changeset/1215995
- dxwSecurity : Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users
https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious tag with event found in data   3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL   3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data   3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   3.2.0
XSS - Prevention - POST : 'location' javascript object found in data   3.2.0
XSS - Phishing : suspicious 'div' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL   3.2.0
XSS - Prevention - POST : javascript code found in data   3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL   3.2.0
XSS - Prevention - POST : code allowing cookie access found in data   3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   3.2.0
XSS - Phishing : suspicious 'a' tag found in URL   3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL   3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL   3.2.0
XSS - Phishing : suspicious 'form' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data   3.2.0
XSS - Prevention - GET : javascript code found in URL   3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data   3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL   3.2.0
XSS - Phishing : suspicious 'link' tag found in URL   3.2.0
XSS - Prevention - GET : 'script' tag found in URL   3.2.0
XSS - Prevention - POST : 'script' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL   3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data   5.0.0
XSS - Prevention - POST : javascript code found in data   5.0.0
XSS - Prevention - POST : suspicious tag with event found in data   5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   5.0.0
XSS - Prevention - POST : 'location' javascript object found in data   5.0.0
XSS - Prevention - POST : code allowing cookie access found in data   5.0.0
XSS - Prevention - POST : 'script' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
     
Risk level   Moderate

Vulnerability First Public Report Date   2015-08-08

Target Type   Server

Possible exploit   Remote