|
Description
|
|
(#Several vulnerabilities have been identified in third-party plugins for WordPress:#- Google Authenticator: authentication Bypass. A remote attacker could exploit it by using an email address with a valid password in order to bypass two-factor OTP (one-time password)##- BulletProof Security: multiple cross-site scripting. A remote attacker could exploit them by enticing their victim into following a specially formed link in order to execute arbitrary JavaScript or HTML code.##Proof of concepts are available.)
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
WordPress (WordPress) -
|
|
|
|
|
|
Solution
|
|
- BulletProof Security: 53.5.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
- seclists : BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities
http://seclists.org/fulldisclosure/2016/May/31
- wpvulndb : Google Authenticator <= 0.47 - Two Factor Authentication Bypass
https://wpvulndb.com/vulnerabilities/8477
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
