WordPress Third-Party Modules Multiple Vulnerabilities
Description
Several vulnerabilities have been identified in plugins for WordPress:
- Email WordPress: cross-site scripting in the "Contact" form
- Code Snippets: cross-site scripting
- Woo Custom Checkout Field: stored cross-site scripting
- Xcloner: stored cross-site scripting
- Yoast SEO: cross-site scripting
- Ultimate Product Catalog: SQL injection
- WP-Polls: authenticated cross-site scripting
- Clicky: several stored cross-site scripting vulnerabilities
- File Monitor: stored cross-site scripting
- Insert PHP: arbitrary PHP code execution
- All In One WP Security & Firewall: CAPTCHA bypass, allowing brute-force attacks
- Easy Testimonials: several stored cross-site scripting vulnerabilities

Proofs of concept are available.

Exploit code is also available.
Vulnerable Products
Vulnerable Software:
WordPress (WordPress) -
Solution
- Easy Testimonials: 1.37
CVE
References
- Full Disclosure : Cross-Site Scripting in Contact Form to Email WordPress Plugin
http://seclists.org/fulldisclosure/2016/Jul/59
- Full Disclosure : Cross-Site Scripting in Code Snippets WordPress Plugin
http://seclists.org/fulldisclosure/2016/Jul/60
- wpvulndb : Woo Custom Checkout Field CSRF + Stored XSS
https://wpvulndb.com/vulnerabilities/8567
- oss-sec : a stored XSS in Xcloner for wordpress
http://seclists.org/oss-sec/2016/q3/165
- wpvulndb : Yoast SEO Unspecified Cross-Site Scripting
https://wpvulndb.com/vulnerabilities/8569
- packetstormsecurity : WordPress Ultimate Product Catalog 3.9.8 SQL Injection
https://packetstormsecurity.com/files/138092/wpupc398-sql.txt
- wpvulndb : Authenticated Reflected Cross-Site Scripting
https://wpvulndb.com/vulnerabilities/8571
- wpvulndb : Clicky Minor Security Improvements
https://wpvulndb.com/vulnerabilities/8572
- wpvulndb : File Monitor Stored Cross-Site Scripting
https://wpvulndb.com/vulnerabilities/8525
- oss-sec : Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP
http://seclists.org/oss-sec/2016/q3/att-209/insert_php_wordpress_plugin_allows_authenticated_user_to_execute_arbitrary_php.txt
- oss-sec : Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA
http://seclists.org/oss-sec/2016/q3/att-209/multiple_vulnerabilities_in_all_in_one_wp_security_firewall_plugin_login_captcha.txt
- oss-sec : Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin
http://seclists.org/oss-sec/2016/q3/att-209/stored_cross_site_scripting_vulnerability_in_easy_testimonials_wordpress_plugin.txt
Vulnerability Manager Detection
No
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data | 5.0.0
XSS - Prevention - POST : javascript code found in data | 5.0.0
XSS - Prevention - POST : suspicious tag with event found in data | 5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data | 5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data | 5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data | 5.0.0
XSS - Prevention - POST : 'location' javascript object found in data | 5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data | 5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data | 5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data | 5.0.0
XSS - Prevention - POST : code allowing cookie access found in data | 5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data | 5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data | 5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data | 5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data | 5.0.0
XSS - Prevention - POST : 'script' tag found in data | 5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data | 5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data | 5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data | 5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data | 5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data | 5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data | 5.0.0
SQL injection Prevention - POST : suspicious OR statement in data | 5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data | 5.0.0
SQL injection Prevention - POST : possible version probing in data | 5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data | 5.0.0
Risk level
Moderate
Vulnerability First Public Report Date
2016-07-24
Target Type
Client + Server
Possible exploit
Remote