Exabytes Security Portal » 2012

WordPress Backup Plugin Backup Disclosure

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: versions prior to 2.1.
Vendor’s URL: Backup Plugin
Bug Type: information disclosure
Risk Level: Critical

Solution:
Update to version 2.1.

Content Management, Information Disclosure

WordPress Mac Photo Gallery Plugin Multiple Script Insertion

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 2.10 and other versions.
Vendor’s URL: Mac Photo Gallery Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Upgrade to version 3.0.

Content Management, Cross Site Scripting

WordPress GD Star Rating Plugin Export Security Bypass

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 1.9.18 and prior versions.
Vendor’s URL: GD Star Rating Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.9.19 or later.

Access Bypass, Content Management

WordPress Cimy User Extra Fields Plugin Arbitrary File Upload

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 2.3.7 and other versions.
Vendor’s URL: Cimy User Extra Fields Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 1.8 and other versions.
Vendor’s URL: Nmedia Users File Uploader Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Upgrade to version 2.0.

Content Management, File Inclusion

WordPress Resume Submissions & Job Postings Plugin Arbitrary File Upload

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 2.5.1 and other versions.
Vendor’s URL: Resume Submissions & Job Postings Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Post Recommendations Plugin “abspath” File Inclusion

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 1.1.2 and other versions.
Vendor’s URL: Post Recommendations Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! OS Property Component File Upload

July 26th, 2012

Comments Off

Application: Joomla!
Affected Version: version 2.0 and other versions.
Vendor’s URL: OS Property Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.0.3.

Content Management, File Inclusion

DotNetNuke Multiple Vulnerabilities

July 26th, 2012

Comments Off

Application: DotNetNuke
Affected Version: versions 5.5.0 through 5.6.7 and 6.0.0 through 6.2.0.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.6.8 or 6.2.1.

Access Bypass, Cross Site Scripting, Discussion Boards

Drupal Security Questions Module Security Bypass

July 26th, 2012

Comments Off

Application: Drupal
Affected Version: versions 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.1.
Vendor’s URL: Security Questions Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress WP Symposium Plugin Authentication Check Security Bypass

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 12.07.07 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 12.07.14.

Access Bypass, Content Management

WordPress WP Symposium Plugin Multiple SQL Injection

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 12.06.16 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 12.07.01 or later.

Content Management, SQL Injection

WordPress A Page Flip Book Plugin “pageflipbook_language” File Inclusion

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 2.3 and other versions.
Vendor’s URL: A Page Flip Book Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Sendit Newsletter Plugin “id” SQL Injection

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 2.1.0 and other versions.
Vendor’s URL: Sendit Newsletter Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress Flip Book Plugin Arbitrary File Upload

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: Flip Book Plugin
Bug Type: File upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress MoodThingy Mood Rating Widget Plugin Two SQL Injection

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 0.9 and other versions.
Vendor’s URL: MoodThingy Mood Rating Widget Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.2.

Content Management, SQL Injection

WordPress Front-end Editor Plugin Arbitrary File Upload

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 2.2.1 and other versions.
Vendor’s URL: Front-end Editor Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

WordPress Email Newsletter Plugin Unspecified Vulnerability

July 26th, 2012

Comments Off

Application: WordPress
Affected Version: version 8.0.
Vendor’s URL: Email Newsletter Plugin
Bug Type:
Risk Level: Critical

Solution:
Upgrade to version 9.0.

Content Management

Archive

WordPress Backup Plugin Backup Disclosure

WordPress Mac Photo Gallery Plugin Multiple Script Insertion

WordPress GD Star Rating Plugin Export Security Bypass

WordPress Cimy User Extra Fields Plugin Arbitrary File Upload

WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload

WordPress Resume Submissions & Job Postings Plugin Arbitrary File Upload

WordPress Post Recommendations Plugin “abspath” File Inclusion

Joomla! OS Property Component File Upload

DotNetNuke Multiple Vulnerabilities

Drupal Security Questions Module Security Bypass

WordPress WP Symposium Plugin Authentication Check Security Bypass

WordPress WP Symposium Plugin Multiple SQL Injection

WordPress A Page Flip Book Plugin “pageflipbook_language” File Inclusion

WordPress Sendit Newsletter Plugin “id” SQL Injection

WordPress Flip Book Plugin Arbitrary File Upload

WordPress MoodThingy Mood Rating Widget Plugin Two SQL Injection

WordPress Front-end Editor Plugin Arbitrary File Upload

WordPress Email Newsletter Plugin Unspecified Vulnerability

Categories

Archives