WordPress Third-Party Plugins Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in third-party plugins for WordPress:
- moreAds SE: open redirect
- Google Forms: unauthenticated PHP Object injection
- CMS Commander Client: unauthenticated PHP Object injection
- InfiniteWP Client: unauthenticated PHP Object injection
- FormBuilder: multiple blind SQL injection and a cross-site request forgery
- User Access Manager: stored cross-site scripting
- Online Hotel Booking System Pro: SQL injection
- WP Private Messages: SQL injection
- ABASE: cross-site scripting and cross-site request forgery

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - User Access Manager: 1.2.14
     
CVE  
     
References   - pluginvulnerabilities : Open Redirect Vulnerability in moreAds SE
https://www.pluginvulnerabilities.com/2017/01/23/open-redirect-vulnerability-in-moreads-se/
- Full Disclosure : Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability
http://seclists.org/fulldisclosure/2017/Jan/70
- Full Disclosure : CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability
http://seclists.org/fulldisclosure/2017/Jan/71
- Full Disclosure : InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability
http://seclists.org/fulldisclosure/2017/Jan/72
- BugTraq : Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin
http://seclists.org/bugtraq/2017/Jan/90
- Full Disclosure : Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
http://seclists.org/fulldisclosure/2017/Jan/78
- Full Disclosure : Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification
http://seclists.org/fulldisclosure/2017/Jan/76
- Exploit-DB : WordPress Plugin Online Hotel Booking System Pro 1.0 - SQL Injection
https://www.exploit-db.com/exploits/41182/
- Exploit-DB : WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
https://www.exploit-db.com/exploits/41180/
- pluginvulnerabilities : Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in ABASE
https://www.pluginvulnerabilities.com/2017/01/30/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-abase/
- pluginvulnerabilities : Vulnerability report
https://www.pluginvulnerabilities.com/category/vulnerability-report/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL   3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL   3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL   3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL   3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL   3.2.0
XSS - Phishing : suspicious 'div' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL   3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL   3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL   3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL   3.2.0
SQL injection Prevention - GET : possible database version probing   3.2.0
XSS - Phishing : suspicious 'a' tag found in URL   3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL   3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL   3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL   3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL   3.2.0
XSS - Phishing : suspicious 'form' tag found in URL   3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL   3.2.0
XSS - Prevention - GET : javascript code found in URL   3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL   3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL   3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL   3.2.0
SQL injection Prevention - GET : block comment delimiters in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL   3.2.0
XSS - Phishing : suspicious 'link' tag found in URL   3.2.0
XSS - Prevention - GET : 'script' tag found in URL   3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL   3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL   3.2.0
Site with open redirect   4.0.0
XSS - Prevention - POST : suspicious 'style' tag found in data   5.0.0
XSS - Prevention - POST : javascript code found in data   5.0.0
XSS - Prevention - POST : suspicious tag with event found in data   5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   5.0.0
XSS - Prevention - POST : 'location' javascript object found in data   5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL   5.0.0
XSS - Prevention - POST : code allowing cookie access found in data   5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements   5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement   5.0.0
XSS - Prevention - POST : 'script' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data   5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL   5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2017-01-25

Target Type   Client + Server

Possible exploit   Remote