Description
Several vulnerabilities have been identified in third-party plugins for WordPress:
- WP Super Cache: PHP Object Injection
- WP Super Cache: three cross-site scripting vulnerabilities in "cpabc_appointments_admin_int_bookings_list.inc.php"
- Appointment Booking Calendar: several cross-site scripting vulnerabilities (CVE-2015-7320)
- landing-pages: remote command execution (CVE-2015-5227)
- better-wp-security: remote command execution in "better-wp-security.php".

A proof of concept is available for the vulnerability affecting the "better-wp-security" plugin.

Vulnerable Products
Vulnerable Software: WordPress (WordPress) -

Solution
- wp-super-cache: 1.4.5

CVE
CVE-2015-7320
CVE-2015-5227

References
- WPScan: WP Super Cache <= 1.4.4 - PHP Object Injection
  https://wpvulndb.com/vulnerabilities/8198
- WPScan: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
  https://wpvulndb.com/vulnerabilities/8197
- seclists: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
  http://seclists.org/bugtraq/2015/Sep/123
- WPScan: WordPress Landing Pages - 1.8.8-1.9.0 - Unauthenticated Remote Command Execution
  https://wpvulndb.com/vulnerabilities/8200

Vulnerability Manager Detection
No

IPS Protection