WordPress Third-Party Modules Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for WordPress:#- Answer My Question: SQL injection#- Sirv: SQL injection#- Relevanssi Premium: deserialization and SQL injection#- Post Indexer: arbitrary code execution during a deserialization via a man-in-the-middle attack#- BBS e-Franchise: SQL injection#- WP Canvas: stored cross-site scripting#- Instagram Feed: stored cross-site scripting#- Huge IT Portfolio Gallery: cross-site scripting#- Check Email: cross-site scripting#- N-Media: arbitrary file download#- FireStorm Shopping Cart: authenticated SQL injection#- Mini Cart: authenticated SQL injection#- MailChimp: cross-site request forgery and stored cross-site scripting#- Easy Facebook Like Box: cross-site request forgery and stored cross-site scripting.##Proof of concepts are available.)
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - Check Email: 0.5.
     
CVE  
     
References   - cxsecurity : WordPress Answer My Question 1.3 SQL Injection
https://cxsecurity.com/issue/WLB-2016110146
- cxsecurity : WordPress Sirv 1.3.1 SQL Injection
https://cxsecurity.com/issue/WLB-2016110145
- security : SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances)
https://security.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/
- security : Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances)
https://security.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/
- security : SQL Injection in Post Indexer allows super admins to read the contents of the database
https://security.dxw.com/advisories/sql-injection-in-post-indexer-allows-super-admins-to-read-the-contents-of-the-database/
- exploit-db : Wordpress BBS e-Franchise 1.1.1 Plugin - SQL Injection Vulnerability
https://www.exploit-db.com/exploits/40782/
- fulldisclosure : Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
http://seclists.org/fulldisclosure/2016/Nov/116
- fulldisclosure : Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF
http://seclists.org/fulldisclosure/2016/Nov/115
- fulldisclosure : Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
http://seclists.org/fulldisclosure/2016/Nov/114
- fulldisclosure : Cross-Site Scripting in Check Email WordPress Plugin
http://seclists.org/fulldisclosure/2016/Nov/113
- cxsecurity : Wordpress Plugin N-Media 1.4 Arbitrary File Download Vulnerability
https://cxsecurity.com/issue/WLB-2016110162
- wpvulndb : FireStorm Shopping Cart eCommerce Plugin 2.07.02 - Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8672
- wpvulndb : Mini Cart Plugin 1.00.1 - Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8671
- cxsecurity : WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / XSS
https://cxsecurity.com/issue/WLB-2016110174
- cxsecurity : WordPress Plugin Easy Facebook Like Box 4.3.0- Cross-Site Request Forgery / XSS
https://cxsecurity.com/issue/WLB-2016110173
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data
5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious OR statement in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
SQL injection Prevention - POST : possible version probing in data
5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-11-18 

 Target Type 
Server 

 Possible exploit 
Remote