WordPress Third-Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for WordPress:#- Image Slider: arbitrary files deletion#- Simply Poll: SQL injection in the "pollid" parameter#- Slider Templatic Tevolution: arbitrary file upload#- Pike Firewall: cross-site scripting leading to information disclosure#- BuddyPres: arbitrary files deletion#- XCloner - Backup and Restore: authenticated path traversal#- Chained Quiz: cross-site scripting#- CVE-2016-10112: WooCommerce: authenticated cross-site scripting#- Stop User Enumeration: user enumeration.##Proofs of concept are available.)
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - Stop User Enumeration : 1.3.5.
     
CVE   CVE-2016-10112
     
References   - oss-sec : Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)
http://seclists.org/fulldisclosure/2016/Dec/76
- exploit-db : WordPress Plugin Simply Poll 1.4.1 - SQL Injection
https://www.exploit-db.com/exploits/40971/
- exploit-db : WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload
https://www.exploit-db.com/exploits/40976/
- pluginvulnerabilities :Information Disclosure Vulnerability in Pike Firewall
https://www.pluginvulnerabilities.com/2017/01/02/information-disclosure-vulnerability-in-pike-firewall/
- wptavern : BuddyPress 2.7.4 Patches Security Vulnerability That Could Allow Arbitrary File Deletion
https://wptavern.com/buddypress-2-7-4-patches-security-vulnerability-that-could-allow-arbitrary-file-deletion
- wpvulndb : XCloner - Backup and Restore <= 3.1.4 - Authenticated Path Traversal
https://wpvulndb.com/vulnerabilities/8707
- wpvulndb : Chained Quiz <= 0.9.8 - Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8711
- wpvulndb : WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS
https://wpvulndb.com/vulnerabilities/8710
- dxwsecurity : Stop User Enumeration does not stop user enumeration
https://security.dxw.com/advisories/stop-user-enumeration-does-not-stop-user-enumeration/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Code injection in HTTP User-Agent detected
4.1.2
SQL injection Prevention - POST : suspicious UPDATE statement in data
5.0.0
XSS - Prevention : suspicious tag or javascript found in header
5.0.0
XSS - Prevention : suspicious 'document.cookie' found in header
5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data
5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data
5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data
5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data
5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data
5.0.0
XSS - Prevention : suspicious 'script' tag found in header
5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data
5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data
5.0.0
SQL injection Prevention - POST : suspicious OR statement in data
5.0.0
SQL injection Prevention - POST : possible version probing in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2017-01-06 

 Target Type 
Server 

 Possible exploit 
Remote