Archive for January, 2013

WordPress ReFlex Gallery Plugin Arbitrary File Upload

January 25th, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: ReFlex Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress WP Symposium Plugin Multiple SQL Injection

January 25th, 2013

Application: WordPress
Affected Version: version 12.09 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 12.12.

Content Management, SQL Injection

WordPress Simple Login Log Plugin Multiple Vulnerabilities

January 25th, 2013

Application: WordPress
Affected Version: version 0.9.3 and prior versions.
Vendor’s URL: Simple Login Log Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.4.

Content Management, Cross Site Scripting, SQL Injection

WordPress Zingiri Forum Plugin “url” Arbitrary File Disclosure

January 25th, 2013

Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Zingiri Forum Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.4.4.

Content Management, File Inclusion

WordPress Store Locator Plus Plugin “query” SQL Injection

January 25th, 2013

Application: WordPress
Affected Version: version 3.8.6 and prior versions.
Vendor’s URL: Store Locator Plus Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.7.

Content Management, SQL Injection

WordPress Browser Rejector Plugin “wppath” Remote File Inclusion

January 25th, 2013

Application: WordPress
Affected Version: version 2.10 and prior versions.
Vendor’s URL: Browser Rejector Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.11.

Content Management, File Inclusion

WordPress WP SlimStat Plugin “s” Script Insertion

January 25th, 2013

Application: WordPress
Affected Version: version 2.8.4 and prior versions.
Vendor’s URL: WP SlimStat Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.8.5.

Content Management, Cross Site Scripting

MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection

January 25th, 2013

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: Profile Wii Friend Code Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

WordPress WPScientist Multiple Themes Arbitrary File Upload

January 25th, 2013

Application: WordPress
Affected Version:
* Lightspeed version 1.1.2
* Eptonic version 1.4.3
* Nuance version 1.2.3
Vendor’s URL: WPScientist Multiple Themes
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Google Doc Embedder Plugin Arbitrary File Disclosure

January 25th, 2013

Application: WordPress
Affected Version: version 2.4.6 and other versions.
Vendor’s URL: Google Doc Embedder Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 2.5.4.

Content Management, File Inclusion

CubeCart Multiple Vulnerabilities

January 25th, 2013

Application: CubeCart
Affected Version: version 5.1.5 and other versions.
Vendor’s URL: CubeCart
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, E-Commerce

WordPress Xerte Online Plugin Arbitrary File Upload

January 25th, 2013

Application: WordPress
Affected Version: version 0.32 and other versions.
Vendor’s URL: Xerte Online Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Shopping Cart Plugin Multiple SQL Injection

January 25th, 2013

Application: WordPress
Affected Version: version 8.1.14 and other versions.
Vendor’s URL: Shopping Cart Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 8.1.15.

Content Management, SQL Injection

MyBB HM_My Country Flags Plugin “cnam” SQL Injection

January 25th, 2013

Application: MyBB
Affected Version: version 1.1 and other versions.
Vendor’s URL: Country Flags Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection