Exabytes Security Portal » 2011

WordPress WP e-Commerce Plugin “transaction_id” Two SQL Injection

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 3.8.6 and other versions.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.6.1.

Content Management, E-Commerce, SQL Injection

WordPress Auctions Plugin “wpa_id” SQL Injection

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.8.8 and other versions.
Vendor’s URL: Auctions Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress WP Easy Stats Plugin “homep” File Inclusion

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.8 and other versions.
Vendor’s URL: WP Easy Stats Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

WordPress Filedownload Plugin “path” File Disclosure

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 0.1 and other versions.
Vendor’s URL: Filedownload Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

Ayco Resim Galeri “catid” SQL Injection

September 30th, 2011

Comments Off

Application: Ayco Resim Galeri
Affected Version:
Vendor’s URL: Ayco Resim Galeri
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Image Galleries, SQL Injection

WordPress Count Per Day Plugin “month” SQL Injection

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 2.17 and prior versions.
Vendor’s URL: Count Per Day Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade to version 3.0.

Content Management, SQL Injection

WordPress Zingiri Web Shop Plugin “wpabspath” File Inclusion

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 2.2.0 and prior versions.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.2.1.

Content Management, File Inclusion

ImpressPages CMS Unspecified Code Execution

September 30th, 2011

Comments Off

Application: ImpressPages CMS
Affected Version: version 1.0.12 and prior versions.
Vendor’s URL: ImpressPages CMS
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 1.0.13.

Content Management, Remote Command Execution

WordPress Adsense Extreme Plugin “adsensextreme[lang]” File Inclusion

September 30th, 2011

No comments

Application: WordPress
Affected Version: version 1.0.3 and prior versions.
Vendor’s URL: Adsense Extreme Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.0.4.

Content Management, File Inclusion

WordPress Annonces Plugin “abspath” and “mainPluginFile” File Inclusion

September 30th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.2.0.0 and other versions.
Vendor’s URL: Annonces Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

OpenCart Cache Arbitrary File Overwrite

September 29th, 2011

Comments Off

Application: OpenCart
Affected Version: version 1.5.1.1 and prior versions.
Vendor’s URL: OpenCart
Bug Type: File Overwrite
Risk Level: Critical

Solution:
Update to version 1.5.1.2.

E-Commerce, File Inclusion

WordPress s2Member Plugin “s2member_file_download” File Disclosure

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: versions prior to 110812.
Vendor’s URL: s2Member Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 110812 or later.

Content Management, Information Disclosure

WordPress Mini Mail Dashboard Widget Plugin Remote File Inclusion

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.36 and other versions.
Vendor’s URL: Mini Mail Dashboard Widget Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.37.

Content Management, File Inclusion

WordPress WP Forum Server Plugin “edit_post_id” SQL Injection

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.7 and other versions.
Vendor’s URL: WP Forum Server Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress Easy Comment Uploads Plugin Arbitrary File Upload

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 0.61 and prior versions.
Vendor’s URL: Easy Comment Uploads Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 0.70 or later.

Content Management, File Inclusion

WordPress WP-Filebase Plugin “base” SQL Injection

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 0.2.9 and prior versions.
Vendor’s URL: WP-Filebase Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.2.9.1.

Content Management, SQL Injection

WordPress 1 Flash Gallery Plugin Arbitrary File Upload

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.5.6 and prior versions.
Vendor’s URL: 1 Flash Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.5.8.

Content Management, File Inclusion

WordPress Community Events Plugin “id” Cross-Site Scripting and SQL Injection

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: Community Events Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

WordPress wpcu3er Plugin Arbitrary File Upload

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 0.55 and prior versions.
Vendor’s URL: wpcu3er Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 0.56 or later.

Content Management, File Inclusion

WordPress KNR Author List Plugin Two SQL Injection

September 29th, 2011

Comments Off

Application: WordPress
Affected Version: version 2.0 and other versions.
Vendor’s URL: KNR Author List Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Older Entries

Archive

WordPress WP e-Commerce Plugin “transaction_id” Two SQL Injection

WordPress Auctions Plugin “wpa_id” SQL Injection

WordPress WP Easy Stats Plugin “homep” File Inclusion

WordPress Filedownload Plugin “path” File Disclosure

Ayco Resim Galeri “catid” SQL Injection

WordPress Count Per Day Plugin “month” SQL Injection

WordPress Zingiri Web Shop Plugin “wpabspath” File Inclusion

ImpressPages CMS Unspecified Code Execution

WordPress Adsense Extreme Plugin “adsensextreme[lang]” File Inclusion

WordPress Annonces Plugin “abspath” and “mainPluginFile” File Inclusion

OpenCart Cache Arbitrary File Overwrite

WordPress s2Member Plugin “s2member_file_download” File Disclosure

WordPress Mini Mail Dashboard Widget Plugin Remote File Inclusion

WordPress WP Forum Server Plugin “edit_post_id” SQL Injection

WordPress Easy Comment Uploads Plugin Arbitrary File Upload

WordPress WP-Filebase Plugin “base” SQL Injection

WordPress 1 Flash Gallery Plugin Arbitrary File Upload

WordPress Community Events Plugin “id” Cross-Site Scripting and SQL Injection

WordPress wpcu3er Plugin Arbitrary File Upload

WordPress KNR Author List Plugin Two SQL Injection

Categories

Archives