SNS Vulnerability

Wordpress Multiple Third Party Plugins Vulnerabilities

Description

(#Several vulnerabilities have been identified in third-party plugins for WordPress:#- Ultimate Member: local file inclusion. This vulnerability stems from a lack of validation of user-supplied inputs in the "page" parameters#- All in One SEO: stored cross-site scripting. This vulnerability is located in the "Bot Blocker" functionality#- Profile Builder: privilege escalation#- Lazy Content Slider: cross site request forgery (CSRF) in the "Add Category" feature#- WP-DownloadManager : arbitrary file upload#- WP Maintenance Mode: several vulnerabilities. Information disclosure, missing authorization and remote code execution vulnerabilities#- WP Job Manager: arbitrary file upload#- WP Live Chat Support: stored cross-site scripting#- Activity Log: stored cross-site scripting##Proof of concept are available.)

Vulnerable Products

Vulnerable Software:
WordPress (WordPress) -

Solution

- Activity Log: 2.3.2

CVE

References

- sumofpwn : Ultimate Member Local File Inclusion vulnerability
https://sumofpwn.nl/advisory/2016/ultimate_member_local_file_inclusion_vulnerability.html
- sumofpwn : Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html
- exploit-db : WordPress Lazy Content Slider Plugin 3.4 CSRF
https://www.exploit-db.com/exploits/40070/
- 0day : Arbitrary File Upload Vulnerability WP-DownloadManager
http://0day.today/exploit/25661
- wpvulndb : Authenticated Multisite Remote Code Execution WP Maintenance Mode
https://wpvulndb.com/vulnerabilities/8540
- wpvulndb : Subscriber Information Disclosure WP Maintenance Mode
https://wpvulndb.com/vulnerabilities/8541
- wpvulndb : Missing Settings Authorization WP Maintenance Mode
https://wpvulndb.com/vulnerabilities/8542
- cxsecurity : Wordpress WP Job Manager 1.25 Arbitrary File Upload Vulnerability
https://cxsecurity.com/issue/WLB-2016070087
- cxsecurity : Persistent Cross-Site Scripting in WP Live Chat Support plugin
https://cxsecurity.com/issue/WLB-2016070077
- cxsecurity : WordPress Activity Log 2.3.1 Persistent Cross Site Scripting
https://cxsecurity.com/issue/WLB-2016070076

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
Ultimate Member Wordpress Plugin: local file inclusion	5.0.0
Upload of a PHP file in a vulnerable web application	5.0.0
XSS - Prevention : suspicious 'script' tag found in header	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2016-07-06

Target Type

Server

Possible exploit

Remote