Description
Several vulnerabilities have been identified in third-party plugins for WordPress:
- iThemes security: persistent cross-site scripting
- Newsletter: CSRF and cross-site scripting
- Ecwid Ecommerce Shopping Cart: PHP object injection.

Several reflected cross-site scripting vulnerabilities have been identified:
- Portfolio
- WP Editor
- Calendar
- Page Layout Builder: CVE-2016-1000141
- Ajax Random Post: CVE-2016-1000127
- anti-plagiarism: CVE-2016-1000128
- e-search: CVE-2016-1000130, CVE-2016-1000131
- Enhanced Tooltipglossary: CVE-2016-1000132
- Forget About Shortcode Buttons: CVE-2016-1000133
- Hdw Tube: CVE-2016-1000134, CVE-2016-1000135
- Heat Tracker: CVE-2016-1000136
- Hero Maps Pro: CVE-2016-1000137
- Indexisto: CVE-2016-1000138
- New Year Firework: CVE-2016-1000140
- Parsi Font: CVE-2016-1000142
- Photoxhibit: CVE-2016-1000143, CVE-2016-1000144
- Pondol Carousel: CVE-2016-1000145
- Pondol Formmail: CVE-2016-1000146
- Recipes Writer: CVE-2016-1000147
- S3 Video: CVE-2016-1000148
- Simpel Reserveren: CVE-2016-1000149
- Simplified Content: CVE-2016-1000150
- Tera Charts: CVE-2016-1000151
- Tidio Form: CVE-2016-1000152
- Tidio Gallery: CVE-2016-1000153
- Whizz: CVE-2016-1000154
- Wpsolr Search Engine: CVE-2016-1000154.

A remote attacker could exploit the reflected cross-site scripting vulnerabilities to execute arbitrary JavaScript or HTML code by enticing a victim into following a specially crafted link.

Proofs of concept are available.