Archive for July, 2012

WordPress Backup Plugin Backup Disclosure

July 26th, 2012

Application: WordPress
Affected Version: versions prior to 2.1.
Vendor’s URL: Backup Plugin
Bug Type: information disclosure
Risk Level: Critical

Solution:
Update to version 2.1.

Content Management, Information Disclosure

WordPress Mac Photo Gallery Plugin Multiple Script Insertion

July 26th, 2012

Application: WordPress
Affected Version: version 2.10 and other versions.
Vendor’s URL: Mac Photo Gallery Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Upgrade to version 3.0.

Content Management, Cross Site Scripting

WordPress GD Star Rating Plugin Export Security Bypass

July 26th, 2012

Application: WordPress
Affected Version: version 1.9.18 and prior versions.
Vendor’s URL: GD Star Rating Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.9.19 or later.

Access Bypass, Content Management

WordPress Cimy User Extra Fields Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 2.3.7 and other versions.
Vendor’s URL: Cimy User Extra Fields Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 1.8 and other versions.
Vendor’s URL: Nmedia Users File Uploader Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Upgrade to version 2.0.

Content Management, File Inclusion

WordPress Resume Submissions & Job Postings Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 2.5.1 and other versions.
Vendor’s URL: Resume Submissions & Job Postings Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Post Recommendations Plugin “abspath” File Inclusion

July 26th, 2012

Application: WordPress
Affected Version: version 1.1.2 and other versions.
Vendor’s URL: Post Recommendations Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! OS Property Component File Upload

July 26th, 2012

Application: Joomla!
Affected Version: version 2.0 and other versions.
Vendor’s URL: OS Property Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.0.3.

Content Management, File Inclusion

DotNetNuke Multiple Vulnerabilities

July 26th, 2012

Application: DotNetNuke
Affected Version: versions 5.5.0 through 5.6.7 and 6.0.0 through 6.2.0.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.6.8 or 6.2.1.

Access Bypass, Cross Site Scripting, Discussion Boards

Drupal Security Questions Module Security Bypass

July 26th, 2012

Application: Drupal
Affected Version: versions 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.1.
Vendor’s URL: Security Questions Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress WP Symposium Plugin Authentication Check Security Bypass

July 26th, 2012

Application: WordPress
Affected Version: version 12.07.07 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 12.07.14.

Access Bypass, Content Management

WordPress WP Symposium Plugin Multiple SQL Injection

July 26th, 2012

Application: WordPress
Affected Version: version 12.06.16 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 12.07.01 or later.

Content Management, SQL Injection

WordPress A Page Flip Book Plugin “pageflipbook_language” File Inclusion

July 26th, 2012

Application: WordPress
Affected Version: version 2.3 and other versions.
Vendor’s URL: A Page Flip Book Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Sendit Newsletter Plugin “id” SQL Injection

July 26th, 2012

Application: WordPress
Affected Version: version 2.1.0 and other versions.
Vendor’s URL: Sendit Newsletter Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress Flip Book Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: Flip Book Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress MoodThingy Mood Rating Widget Plugin Two SQL Injection

July 26th, 2012

Application: WordPress
Affected Version: version 0.9 and other versions.
Vendor’s URL: MoodThingy Mood Rating Widget Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.2.

Content Management, SQL Injection

WordPress Front-end Editor Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 2.2.1 and other versions.
Vendor’s URL: Front-end Editor Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

WordPress Email Newsletter Plugin Unspecified Vulnerability

July 26th, 2012

Application: WordPress
Affected Version: version 8.0.
Vendor’s URL: Email Newsletter Plugin
Bug Type:
Risk Level: Critical

Solution:
Upgrade to version 9.0.

Content Management