Archive for March, 2013

WordPress FAQs Manager Plugin Cross-Site Request Forgery and “question” Script Insertion

March 28th, 2013

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: FAQs Manager Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Joomla! RSFiles! Component “cid” SQL Injection

March 28th, 2013

Application: Joomla!
Affected Version: version 1.0.0 Rev 11 and other versions.
Vendor’s URL: RSFiles! Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress LeagueManager Plugin Security Bypass and SQL Injection

March 28th, 2013

Application: WordPress
Affected Version: version 3.8 and prior versions.
Vendor’s URL: LeagueManager Plugin
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.1.

Access Bypass, Content Management, SQL Injection

WordPress MailUp Plugin Ajax Functions Security Bypass

March 28th, 2013

Application: WordPress
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: MailUp Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.3.3.

Access Bypass, Content Management

WordPress Events Manager Plugin Multiple Script Insertion

March 28th, 2013

Application: WordPress
Affected Version: version 5.3.5 and prior versions.
Vendor’s URL: Events Manager Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.3.6.

Content Management, Cross Site Scripting

WordPress Uploader Plugin Cross-Site Scripting and Arbitrary File Upload Vulnerabilities

March 28th, 2013

Application: WordPress
Affected Version: version 1.0.4 and other versions.
Vendor’s URL: Uploader Plugin
Bug Type: Cross-Site Scripting & File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, File Inclusion

Joomla! Virtuemart 2 Multiple Customfields Filter Module Unspecified Vulnerability

March 28th, 2013

Application: Joomla!
Affected Version: versions prior to 1.6.8.
Vendor’s URL: Virtuemart 2 Multiple Customfields Filter Module
Bug Type:
Risk Level: Critical

Solution:
Update to version 1.6.8.

Content Management

WordPress Comment Rating Plugin Security Bypass Weakness and SQL Injection

March 28th, 2013

Application: WordPress
Affected Version: version 2.9.32 and other versions.
Vendor’s URL: Comment Rating Plugin
Bug Type: Security Bypass & SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management, SQL Injection