Wordpress Multiple Third Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for WordPress:#- User Submitted Posts: stored cross-site scripting in post content#- Calculated Fields Form: administration session hijack. In order to exploit this vulnerability, the attacker must have a valid author or editor account#- Ultimate Exporter: SQL injection#- Ultimate Exporter: cross-site scripting#- Ocim MP3: SQL injection#- More Fields: cross-site request forgery#- GravityForms: cross-site scripting#- CP Polls: arbitrary file upload and stored cross-site scripting#- Advanced Importer: cross-site scripting#- CSV Import: cross-site scripting#- Extra User Details: privileges escalation#- Import Woocommerce: cross-site scripting#- Bulk Delete: privileges escalation.##Proof of concepts are available.)
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - Bulk Delete: 5.5.4.
     
CVE  
     
References   - Bugtraq : WordPress User Submitted Posts Plugin [Persistent XSS]
http://seclists.org/bugtraq/2016/Feb/176
- WordPress Calculated Fields Form 1.0.x Session Hijacking
https://packetstormsecurity.com/files/135930/wpcff-hijack.txt
- Bugtraq : WordPress plugin wp-ultimate-exporter SQL injection vulnerability
http://seclists.org/bugtraq/2016/Feb/183
- CXSecurity : Wordpress Ocim MP3 Plugin SQL Injection Vulnerability
https://cxsecurity.com/issue/WLB-2016020220
- Exploit-DB : WordPress More Fields <= 2.1 Plugin - CSRF Vulnerability
https://www.exploit-db.com/exploits/39507/
- Exploit-DB : WordPress CP Polls Plugin 1.0.8 - Multiple Vulnerabilities
https://www.exploit-db.com/exploits/39513/
- 0x62626262 : WP Advanced Importer XSS Vulnerability
https://0x62626262.wordpress.com/2016/02/23/wp-advanced-importer-xss-vulnerability/
- 0x62626262 : CSV Import XSS Vulnerability
https://0x62626262.wordpress.com/2016/02/23/csv-import-xss-vulnerability/
- Bugtraq : Extra User Details [Privilege Escalation]
http://seclists.org/bugtraq/2016/Feb/166
- Bugtraq : WP Ultimate Exporter XSS Vulnerability
http://seclists.org/bugtraq/2016/Feb/172
- Bugtraq : Import Woocommerce XSS Vulnerability
http://seclists.org/bugtraq/2016/Feb/173
- PacketStormSecurity : WordPress CP Polls 1.0.8 File Upload / Cross Site Scripting
https://packetstormsecurity.com/files/136039/wpcppolls108-xssupload.txt
- Bugtraq : WordPress Bulk Delete Plugin [Privilege Escalation]
http://seclists.org/bugtraq/2016/Mar/17
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-02-28 

 Target Type 
Client 

 Possible exploit 
Remote