WordPress Multiple Third Party Plugins Multiple Vulnerabilities
Description
Several vulnerabilities have been identified in third-party plugins for WordPress:
- CP Contact Form with Paypal: cross-site request forgery, cross-site scripting and SQL injection in the admin area
- GD bbPress: cross-site scripting via the 'tab' parameter of "forms/panels.php"
- GD bbPress Attachments: local file inclusion via the 'tab' parameter of "edit.php"
- WP-powerplaygallery: remote file upload and SQL injection via "upload.php"
- CP Multi View Event Calendar: SQL injection via "edit.php" and "datafeed.php"
- CP Image Store with Slideshow: arbitrary file download via "cp-image-store.php"
- CP Image Store with Slideshow: bypass of the anti-brute-force protection on the Purchase ID
- The Events Calendar: cross-site scripting in "import-eventbrite-events.php"
- Image-export: remote file upload via "download.php"
- Plotly: cross-site scripting
- WP Front-End Repository Manager: remote file upload via "uploadify.php"
- Candidate Application Form: arbitrary file download via "downloadpdffile.php"
- Subscribe to Comments: local file inclusion and remote code execution
- Recent-backups: arbitrary file download via "download-file.php"
- WP Attachment Export: arbitrary file download via "tools.php"
- BuddyPress Activity Plus: cross-site request forgery
Proofs of concept are available.
New versions of the following plugins fix the vulnerabilities impacting them:
- CP Contact Form with Paypal: 1.1.6
- GD bbPress: 2.3
- GD bbPress Attachments: 2.2
- CP Multi View Event Calendar: 1.0.7
- CP Image Store with Slideshow: 1.0.6
- CP Image Store with Slideshow (Purchase ID): 1.0.7
- WP Attachment Export: 0.2.4
- The Events Calendar: 3.10.2
- Plotly: 1.0.3
- Subscribe to Comments: 2.3
- BuddyPress Activity Plus: 1.6.2
No fixed version is listed in this advisory for the other plugins named above (WP-powerplaygallery, Image-export, WP Front-End Repository Manager, Candidate Application Form, Recent-backups).
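As an added example (not part of the original advisory), the script below checks a plugin inventory against the fixed versions listed above. The fixed-version table is transcribed from this advisory; the inventory is constructed sample data in the shape of `wp plugin list --fields=name,version --format=json` output, except that wp-cli reports plugin slugs in `name` while the sample uses the advisory's display names (mapping slugs to those names is assumed to be done by the operator). Two details matter in practice: versions must be compared numerically, since as strings "1.0.10" sorts before "1.0.7", and a plugin listed twice (CP Image Store with Slideshow) is only clear of both issues at the higher fixed version.

```python
"""Compare installed WordPress plugin versions against this advisory's fixes.

Added example, not code from the advisory or from any of the plugins.
"""
import json
import re

# Fixed versions as listed in the advisory. CP Image Store with Slideshow
# appears twice; the highest entry is the one a site must reach.
ADVISORY_FIXES = [
    ("CP Contact Form with Paypal", "1.1.6"),
    ("GD bbPress", "2.3"),
    ("GD bbPress Attachments", "2.2"),
    ("CP Multi View Event Calendar", "1.0.7"),
    ("CP Image Store with Slideshow", "1.0.6"),
    ("CP Image Store with Slideshow", "1.0.7"),
    ("WP Attachment Export", "0.2.4"),
    ("The Events Calendar", "3.10.2"),
    ("Plotly", "1.0.3"),
    ("Subscribe to Comments", "2.3"),
    ("BuddyPress Activity Plus", "1.6.2"),
]

# Plugins the advisory names without a fixed version: any installed version
# is reported, since nothing on the page says a safe release exists.
NO_FIX_LISTED = [
    "WP-powerplaygallery",
    "Image-export",
    "WP Front-End Repository Manager",
    "Candidate Application Form",
    "Recent-backups",
]


def parse_version(v):
    """Turn '1.0.10' into (1, 0, 10) so comparison is numeric, not lexical.

    A non-numeric suffix ('2.3-beta') ends the parse, and trailing zeros are
    dropped so that '2.3' compares equal to '2.3.0'.
    """
    parts = []
    for piece in v.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def minimum_fixed_versions(fixes=ADVISORY_FIXES):
    """Collapse duplicate advisory entries to the highest fixed version."""
    best = {}
    for name, ver in fixes:
        if name not in best or parse_version(ver) > parse_version(best[name]):
            best[name] = ver
    return best


def find_affected(inventory_json, fixes=ADVISORY_FIXES, no_fix=NO_FIX_LISTED):
    """Return {plugin: (installed, required)} for plugins below the fixed
    version; required is None for plugins with no fix listed."""
    required = minimum_fixed_versions(fixes)
    affected = {}
    for entry in json.loads(inventory_json):
        name, installed = entry["name"], entry["version"]
        if name in required:
            if parse_version(installed) < parse_version(required[name]):
                affected[name] = (installed, required[name])
        elif name in no_fix:
            affected[name] = (installed, None)
    return affected


# Constructed sample inventory (not real site data). "1.0.10" is included
# to show that a lexical comparison would wrongly flag it as vulnerable.
SAMPLE_INVENTORY = json.dumps([
    {"name": "CP Contact Form with Paypal", "version": "1.1.5"},
    {"name": "CP Image Store with Slideshow", "version": "1.0.6"},
    {"name": "CP Multi View Event Calendar", "version": "1.0.10"},
    {"name": "The Events Calendar", "version": "3.10.2"},
    {"name": "Recent-backups", "version": "1.4"},
    {"name": "Unrelated Plugin", "version": "9.9"},
])

if __name__ == "__main__":
    for name, (have, need) in sorted(find_affected(SAMPLE_INVENTORY).items()):
        print(f"{name}: installed {have}, fixed in {need or 'no version listed'}")
```

On the sample data this reports CP Contact Form with Paypal (1.1.5, fix 1.1.6), CP Image Store with Slideshow (1.0.6, fix 1.0.7) and Recent-backups (no fix listed); the calendar plugin at 1.0.10 is correctly left alone.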