WordPress Third-Party Modules Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in plugins for WordPress:
- Form Lightbox: arbitrary option update leading to admin account
- Dwnldr: stored cross-site scripting
- Woo Email Control: reflected cross-site scripting and cross-site request forgery
- Video Player: multiple SQL injections
- Icegram: cross-site request forgery
- Ninja Forms: multiple cross-site scripting
- WooCommerce: cross-site scripting
- Lazy Load: cross-site scripting.

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - Lazy Load: 0.6.1.
     
CVE  
     
References   - Bugtraq: Multiple SQL injection vulnerabilities in WordPress Video Player
http://seclists.org/bugtraq/2016/Jul/85
- Bugtraq: Cross-Site Request Forgery in Icegram WordPress Plugin
http://seclists.org/bugtraq/2016/Jul/84
- WPVulnDB : Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF
https://wpvulndb.com/vulnerabilities/8559
- Bugtraq: Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin
http://seclists.org/bugtraq/2016/Jul/94
- Bugtraq: Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin
http://seclists.org/bugtraq/2016/Jul/83
- WPVulnDB : Form Lightbox - Arbitrary Option Update Leading to Admin Account
https://wpvulndb.com/vulnerabilities/8557
- WPVulnDB : Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8556
- WPVulnDB : Lazy Load <= 0.6 - Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8564
- WPVulnDB : WordPress Video Player <= 1.5.16 - Multiple Authenticated Blind SQL Injection
https://wpvulndb.com/vulnerabilities/8562
- WPVulnDB : WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8563
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm   Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL   3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL   3.2.0
XSS - Phishing : suspicious 'div' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL   3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   3.2.0
XSS - Phishing : suspicious 'a' tag found in URL   3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL   3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL   3.2.0
XSS - Phishing : suspicious 'form' tag found in URL   3.2.0
XSS - Prevention - GET : javascript code found in URL   3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL   3.2.0
XSS - Phishing : suspicious 'link' tag found in URL   3.2.0
XSS - Prevention - GET : 'script' tag found in URL   3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL   3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL   3.2.0
Code injection in HTTP User-Agent detected   4.1.2
XSS - Prevention - POST : suspicious 'style' tag found in data   5.0.0
XSS - Prevention - POST : javascript code found in data   5.0.0
XSS - Prevention - POST : suspicious tag with event found in data   5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data   5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   5.0.0
XSS - Prevention : suspicious tag or javascript found in header   5.0.0
XSS - Prevention : suspicious 'document.cookie' found in header   5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data   5.0.0
XSS - Prevention - POST : 'location' javascript object found in data   5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data   5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data   5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data   5.0.0
XSS - Prevention - POST : code allowing cookie access found in data   5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data   5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data   5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data   5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data   5.0.0
XSS - Prevention - POST : 'script' tag found in data   5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data   5.0.0
XSS - Prevention : suspicious 'script' tag found in header   5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data   5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data   5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data   5.0.0
SQL injection Prevention - POST : suspicious OR statement in data   5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data   5.0.0
SQL injection Prevention - POST : possible version probing in data   5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
     


 
 
 
 
Risk level   Moderate
Vulnerability First Public Report Date   2016-07-19
Target Type   Client + Server
Possible exploit   Remote