WordPress Multiple Third Party Plugins Vulnerabilities


Description   Several vulnerabilities have been identified in third-party plugins for WordPress:
- Export to Ghost: security bypass allowing export file download without authentication
- Advanced Custom Fields: post-authentication cross-site scripting
- bbPress: stored cross-site scripting
- Acunetix WP Security: cross-site scripting
- Ninja Forms - CVE-2016-1209: arbitrary file upload and information disclosure
- Tag Miner: cross-site request forgery
- Yoast: information disclosure
- MainWP: stored cross-site scripting
- Tevolution: arbitrary file upload.

Proofs of concept are available.

Updated, 27/05/2016:
Exploit code has been added to the Metasploit framework for the Ninja Forms vulnerability.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - Tevolution: 2.3.0.
     
CVE   CVE-2016-1209
     
References   - CXSecurity : WordPress Export to Ghost Unrestricted Export Download
https://cxsecurity.com/issue/WLB-2016050002
- 0x62626262 : Advanced Custom Fields Auth XSS Vulnerability
https://0x62626262.wordpress.com/2016/05/01/advanced-custom-fields-auth-xss-vulnerability/
- Sucuri : Security Advisory: Stored XSS in bbPress
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
- Exploit-DB : Acunetix WP Security Plugin 3.0.3 - XSS
https://www.exploit-db.com/exploits/39761/
- Pritect : Ninja Forms <= 2.9.42 Multiple Critical Security Vulnerabilities
http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities
- IntelligentExploit : Wordpress Tag Miner Cross Site Request Forgery
https://www.intelligentexploit.com/view-details.html?id=21930
- Wordfence : Vulnerability in Yoast SEO 3.2.4 for WordPress. Severity 5.3 (Medium)
https://www.wordfence.com/blog/2016/05/yoast-seo-vulnerability/
- Klikki : MainWP < 3.1.3 admin panel unauthenticated stored XSS
https://klikki.fi/adv/mainwp.html
- WPTavern : Templatic Hacked, Files and Databases Compromised
http://wptavern.com/templatic-hacked-files-and-databases-compromised
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Available Since
XSS - Prevention - POST : suspicious 'meta' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data   5.0.0
XSS - Prevention - POST : javascript code found in data   5.0.0
XSS - Prevention - POST : suspicious tag with event found in data   5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   5.0.0
XSS - Prevention - POST : 'location' javascript object found in data   5.0.0
XSS - Prevention - POST : code allowing cookie access found in data   5.0.0
XSS - Prevention - POST : 'script' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-05-06

Target Type   Server

Possible exploit   Remote