SNS Vulnerability

Wordpress Multiple Third Party Plugins Multiple Vulnerabilities

Description

(#Multiple vulnerabilities have been identified in third-party plugins for Wordpress:#- Wordpress Extredj: open redirection in the "red.php" page#- WordPress Download Manager: multiple vulnerabilities such as privilege escalation, directory traversal and unauthorized file download#- Quick CMS: cross-site scripting vulnerability in the "sLangEdit" and "sSort" parameters#- Wordpress Booking Calendar: SQL injection without authentication#- WP Easy Gallery: cross-site scripting vulnerability in the "wpeg-settings" parameter#- Simple Download Monitor: bas handling of sessions, a remote attacker could exploit it to authenticate himself on another user's account#- WP-Ultimate CSV Importer: cross-site scripting vulnerability in the "alertmsg" parameter.##Proofs of concept are available.)

Vulnerable Products

Vulnerable Software:
WordPress (WordPress) -

Solution

- Ultimate CSV Importer: 3.8.8.

CVE

References

- Packetstorm Security : WordPress Extredj Open Redirection
https://packetstormsecurity.com/files/135300/wpextredj-redirect.txt
- wpvulndb : WordPress Download Manager <= 2.8.7 - Multiple Vulnerabilities
https://wpvulndb.com/vulnerabilities/8365
- Packetstorm Security : Quick CMS 6.1 Cross Site Scripting
https://packetstormsecurity.com/files/135313/quickcms61-xss.txt
- wpvulndb : WP Easy Gallery <= 4.1.4 - Reflected Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8367
- wpbulndb : Appointment Booking Calendar <= 1.1.23 - Unauthenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8366
- 0day : Wordpress Booking Calendar Contact Form Plugin 1.1.23 - Unauthenticated SQL Injection Vulnerability
http://0day.today/exploit/24848
- wpvulndb : Simple Download Monitor <= 3.2.8 - Insufficient Authorisation
https://wpvulndb.com/vulnerabilities/8364d
- 0x62626262 : WP-Ultimate CSV Importer XSS Vulnerability
https://0x62626262.wordpress.com/2016/01/26/wp-ultimate-csv-importer-xss-vulnerability/

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
SQL injection Prevention - GET : block comment delimiters in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0
Site with open redirect	4.0.0
XSS - Prevention - POST : suspicious 'style' tag found in data	5.0.0
XSS - Prevention - POST : javascript code found in data	5.0.0
XSS - Prevention - POST : suspicious tag with event found in data	5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	5.0.0
XSS - Prevention - POST : 'location' javascript object found in data	5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL	5.0.0
XSS - Prevention - POST : code allowing cookie access found in data	5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements	5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement	5.0.0
XSS - Prevention - POST : 'script' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	5.0.0

Risk level

High

Vulnerability First Public Report Date

2016-01-19

Target Type

Client + Server

Possible exploit

Remote