Archive for September, 2011

WordPress WP e-Commerce Plugin “transaction_id” Two SQL Injection Vulnerabilities

September 30th, 2011

Application: WordPress
Affected Version: plugin version 3.8.6; other versions may also be affected.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.6.1.

Content Management, E-Commerce, SQL Injection

WordPress Auctions Plugin “wpa_id” SQL Injection

September 30th, 2011

Application: WordPress
Affected Version: plugin version 1.8.8; other versions may also be affected.
Vendor’s URL: Auctions Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code so that the “wpa_id” parameter is validated and escaped before it is used in a query.

Content Management, SQL Injection

WordPress WP Easy Stats Plugin “homep” File Inclusion

September 30th, 2011

Application: WordPress
Affected Version: plugin version 1.8; other versions may also be affected.
Vendor’s URL: WP Easy Stats Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code so that the “homep” parameter is never used to build an include path.

Content Management, File Inclusion

WordPress Filedownload Plugin “path” File Disclosure

September 30th, 2011

Application: WordPress
Affected Version: plugin version 0.1; other versions may also be affected.
Vendor’s URL: Filedownload Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code so that the “path” parameter cannot reference files outside the intended download directory.

Content Management, Information Disclosure

Ayco Resim Galeri “catid” SQL Injection

September 30th, 2011

Application: Ayco Resim Galeri
Affected Version:
Vendor’s URL: Ayco Resim Galeri
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code so that the “catid” parameter is validated and escaped before it is used in a query.

Image Galleries, SQL Injection

WordPress Count Per Day Plugin “month” SQL Injection

September 30th, 2011

Application: WordPress
Affected Version: plugin version 2.17 and prior.
Vendor’s URL: Count Per Day Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade to version 3.0.

Content Management, SQL Injection

WordPress Zingiri Web Shop Plugin “wpabspath” File Inclusion

September 30th, 2011

Application: WordPress
Affected Version: plugin version 2.2.0 and prior.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.2.1.

Content Management, File Inclusion

ImpressPages CMS Unspecified Code Execution

September 30th, 2011

Application: ImpressPages CMS
Affected Version: version 1.0.12 and prior versions.
Vendor’s URL: ImpressPages CMS
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 1.0.13.

Content Management, Remote Command Execution

WordPress Adsense Extreme Plugin “adsensextreme[lang]” File Inclusion

September 30th, 2011

Application: WordPress
Affected Version: plugin version 1.0.3 and prior.
Vendor’s URL: Adsense Extreme Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.0.4.

Content Management, File Inclusion

WordPress Annonces Plugin “abspath” and “mainPluginFile” File Inclusion

September 30th, 2011

Application: WordPress
Affected Version: plugin version 1.2.0.0; other versions may also be affected.
Vendor’s URL: Annonces Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code so that the “abspath” and “mainPluginFile” parameters are never used to build an include path.

Content Management, File Inclusion
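The “abspath”, “wpabspath”, “homep”, “mainPluginFile” and “adsensextreme[lang]” entries above share one root cause: a plugin file that can be requested directly and builds an include path from the request. The following is an added illustration of that pattern and two ways to close it; it is not code from any plugin listed here. The file, hook and parameter names (demo_stats, lang-en.php, admin_post_demo_stats) are hypothetical, and the code assumes a WordPress install.

```php
<?php
// Added illustration; not code from any plugin listed on this page.
// File, hook and parameter names are hypothetical; assumes a WordPress install.

// Vulnerable pattern: a plugin file that is requested directly (not through
// WordPress) and bootstraps WordPress from a path the request supplies.
// The request then decides which file is included: a remote URL when
// allow_url_include is on, otherwise any local file PHP can read.
function demo_bootstrap_vulnerable() {
    require_once( $_REQUEST['abspath'] . 'wp-load.php' );
}

// Hardened pattern 1: derive the path from this file's own location, never from
// input. A plugin in wp-content/plugins/<slug>/ sits four directories below the
// WordPress root. (Breaks if wp-content has been relocated, one more reason to
// prefer pattern 2.)
function demo_bootstrap_hardened() {
    $root = dirname( dirname( dirname( dirname( __FILE__ ) ) ) ) . '/';
    $file = $root . 'wp-load.php';
    if ( ! is_file( $file ) ) {
        http_response_code( 500 );
        exit;
    }
    require_once( $file );
}

// Hardened pattern 2 (preferable): no directly requestable file at all.
// WordPress calls the handler after it has loaded, so ABSPATH is already
// defined and no include path is built from the request. The only
// request-controlled choice, a language file, goes through a fixed allow-list.
function demo_stats_handler() {
    $langs = array( 'en' => 'lang-en.php', 'de' => 'lang-de.php' );
    $lang  = isset( $_GET['lang'] ) ? (string) $_GET['lang'] : 'en';
    if ( ! isset( $langs[ $lang ] ) ) {
        $lang = 'en';
    }
    require plugin_dir_path( __FILE__ ) . $langs[ $lang ];
    exit;
}
if ( function_exists( 'add_action' ) ) { // only when loaded by WordPress
    add_action( 'admin_post_nopriv_demo_stats', 'demo_stats_handler' );
    add_action( 'admin_post_demo_stats', 'demo_stats_handler' );
}
```

With pattern 2 the handler is reached through wp-admin/admin-post.php?action=demo_stats, so WordPress has already defined ABSPATH and located the plugin directory before any plugin code runs. Whatever the parameter is called, the rule is the same: a request value may select an entry from a fixed list, but must never be concatenated into a path that is passed to include or require.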

OpenCart Cache Arbitrary File Overwrite

September 29th, 2011

Application: OpenCart
Affected Version: version 1.5.1.1 and prior versions.
Vendor’s URL: OpenCart
Bug Type: File Overwrite
Risk Level: Critical

Solution:
Update to version 1.5.1.2.

E-Commerce, File Inclusion

WordPress s2Member Plugin “s2member_file_download” File Disclosure

September 29th, 2011

Application: WordPress
Affected Version: plugin versions prior to 110812.
Vendor’s URL: s2Member Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 110812 or later.

Content Management, Information Disclosure

WordPress Mini Mail Dashboard Widget Plugin Remote File Inclusion

September 29th, 2011

Application: WordPress
Affected Version: plugin version 1.36; other versions may also be affected.
Vendor’s URL: Mini Mail Dashboard Widget Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.37.

Content Management, File Inclusion

WordPress WP Forum Server Plugin “edit_post_id” SQL Injection

September 29th, 2011

Application: WordPress
Affected Version: plugin version 1.7; other versions may also be affected.
Vendor’s URL: WP Forum Server Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code so that the “edit_post_id” parameter is validated and escaped before it is used in a query.

Content Management, SQL Injection

WordPress Easy Comment Uploads Plugin Arbitrary File Upload

September 29th, 2011

Application: WordPress
Affected Version: plugin version 0.61 and prior.
Vendor’s URL: Easy Comment Uploads Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 0.70 or later.

Content Management, File Inclusion

WordPress WP-Filebase Plugin “base” SQL Injection

September 29th, 2011

Application: WordPress
Affected Version: plugin version 0.2.9 and prior.
Vendor’s URL: WP-Filebase Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.2.9.1.

Content Management, SQL Injection

WordPress 1 Flash Gallery Plugin Arbitrary File Upload

September 29th, 2011

Application: WordPress
Affected Version: plugin version 1.5.6 and prior.
Vendor’s URL: 1 Flash Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.5.8.

Content Management, File Inclusion

WordPress Community Events Plugin “id” Cross-Site Scripting and SQL Injection

September 29th, 2011

Application: WordPress
Affected Version: plugin version 1.2.2; other versions may also be affected.
Vendor’s URL: Community Events Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code so that the “id” parameter is validated and escaped before it is used in a query, and HTML-encoded before it is output.

Content Management, Cross Site Scripting, SQL Injection

WordPress wpcu3er Plugin Arbitrary File Upload

September 29th, 2011

Application: WordPress
Affected Version: plugin version 0.55 and prior.
Vendor’s URL: wpcu3er Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 0.56 or later.

Content Management, File Inclusion
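The Easy Comment Uploads, 1 Flash Gallery and wpcu3er entries are all arbitrary file upload, which on a PHP host is remote code execution as soon as a .php file lands in a web-served directory. An added illustration of the weak handler beside a hardened one follows; it is not code from any of those plugins. The form field name (userfile), the nonce action and hook (demo_upload) and the accepted types are hypothetical, and the code assumes the WordPress runtime.

```php
<?php
// Added illustration; not code from Easy Comment Uploads, 1 Flash Gallery or
// wpcu3er. Field name, nonce action and hook are hypothetical; assumes the
// WordPress runtime.

// Vulnerable pattern: unauthenticated POST, file stored under its client-chosen
// name in a web-served directory. Uploading shell.php gives code execution.
function demo_upload_vulnerable() {
    $dest = WP_CONTENT_DIR . '/uploads/' . $_FILES['userfile']['name'];
    move_uploaded_file( $_FILES['userfile']['tmp_name'], $dest );
}

// Hardened pattern: authorise the request (capability + nonce), allow-list the
// accepted types, have WordPress check that the extension matches the content,
// and let wp_handle_upload() choose the stored name. Returns the stored path.
function demo_upload_hardened() {
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Not allowed', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_upload' );            // CSRF nonce emitted by the form
    if ( empty( $_FILES['userfile']['tmp_name'] )
        || ! is_uploaded_file( $_FILES['userfile']['tmp_name'] ) ) {
        wp_die( 'No file received', '', array( 'response' => 400 ) );
    }
    // Only these types are ever accepted, whatever the client claims.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    // Content check: for images WordPress inspects the bytes, not just the name.
    // wp_handle_upload() repeats this; doing it first gives a precise error.
    $check = wp_check_filetype_and_ext(
        $_FILES['userfile']['tmp_name'],
        $_FILES['userfile']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Unsupported file type', '', array( 'response' => 415 ) );
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';   // wp_handle_upload() lives here
    $result = wp_handle_upload(
        $_FILES['userfile'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }
    return $result['file'];
}
if ( function_exists( 'add_action' ) ) {
    // Reached via wp-admin/admin-post.php?action=demo_upload; no nopriv hook,
    // so anonymous requests never arrive here.
    add_action( 'admin_post_demo_upload', 'demo_upload_hardened' );
}
```

A plugin whose feature genuinely requires anonymous uploads (comment attachments, for instance) cannot rely on the capability check, which makes the type allow-list and wp_handle_upload() the only remaining barrier; in that case the upload directory should additionally be configured so the web server never executes scripts from it, so that a bypass of the type check does not become code execution.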

WordPress KNR Author List Plugin Two SQL Injection Vulnerabilities

September 29th, 2011

Application: WordPress
Affected Version: plugin version 2.0; other versions may also be affected.
Vendor’s URL: KNR Author List Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code so that the affected parameters are validated and escaped before they are used in a query.

Content Management, SQL Injection
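Most entries on this page (WP e-Commerce, Auctions, Ayco Resim Galeri, Count Per Day, WP Forum Server, WP-Filebase, Community Events, KNR Author List) are SQL injection through a single request parameter, and several carry only the advice to “ensure that input is properly sanitised”. What that means in a WordPress plugin, as an added illustration that is not code from any plugin listed here: the table demo_items, its columns and the item_id and month parameters are hypothetical, and the code assumes the WordPress runtime, which supplies $wpdb, absint() and esc_html().

```php
<?php
// Added illustration; not code from any plugin listed on this page.
// Table, columns and request parameters are hypothetical; $wpdb, absint()
// and esc_html() come from the WordPress runtime.

// Vulnerable pattern: request values are concatenated straight into SQL.
// ?item_id=5 OR 1=1 returns every row, and a UNION SELECT reads other tables.
function demo_items_vulnerable() {
    global $wpdb;
    $id    = $_GET['item_id'];
    $month = $_GET['month'];
    $sql   = "SELECT id, title FROM {$wpdb->prefix}demo_items "
           . "WHERE id = $id AND month = '$month'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: coerce each value to the type the query expects, reject
// anything outside the allow-list, then bind with $wpdb->prepare().
// %d emits an integer; %s emits a quoted, escaped string.
function demo_items_hardened() {
    global $wpdb;
    $id    = isset( $_GET['item_id'] ) ? absint( $_GET['item_id'] ) : 0; // "5 OR 1=1" becomes 5
    $month = isset( $_GET['month'] ) ? (string) $_GET['month'] : '';
    // \z rather than $ so a trailing newline cannot slip past the pattern.
    if ( 0 === $id || ! preg_match( '/^\d{4}-\d{2}\z/', $month ) ) {
        return array();
    }
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$wpdb->prefix}demo_items WHERE id = %d AND month = %s",
        $id,
        $month
    );
    return $wpdb->get_results( $sql );
}

// Output side: the Community Events entry pairs SQL injection with cross-site
// scripting on the same parameter, so values are also escaped on the way out.
function demo_items_render( array $rows ) {
    $html = '<ul>';
    foreach ( $rows as $row ) {
        $html .= '<li>' . esc_html( $row->title ) . '</li>';
    }
    return $html . '</ul>';
}
```

$wpdb->prepare() protects values only; a table or column name must never come from the request, which is why the table name in the hardened query is fixed (the prefix is site configuration, not user input). Casting with absint() is the right tool for numeric ids such as wpa_id or edit_post_id; for string parameters such as transaction_id, an explicit allow-list pattern plus %s binding is the equivalent.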