Archive for January, 2014

WordPress WordFence Plugin “User-Agent” Script Insertion

January 29th, 2014

Application: WordPress
Affected Version: version 3.8.6 and prior versions.
Vendor’s URL: WordFence Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.7.

Content Management, Cross Site Scripting

Joomla! Sexy Polling Component “answer_id[]” SQL Injection

January 29th, 2014

Application: Joomla!
Affected Version: version 1.0.8 and prior versions.
Vendor’s URL: Sexy Polling Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, SQL Injection

Drupal Taxonomy Security Bypass and OpenID Account Hijacking

January 29th, 2014

Application: Drupal
Affected Version: 6.x versions prior to 6.30 and 7.x versions prior to 7.26.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

Drupal Anonymous Posting Module Contact Name Script Insertion

January 29th, 2014

Application: Drupal
Affected Version: versions 7.x-1.2 and 7.x-1.3.
Vendor’s URL: Anonymous Posting Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 7.x-1.4.

Content Management, Cross Site Scripting

WordPress Let Them Unsubscribe Plugin Unspecified Vulnerabilities

January 29th, 2014

Application: WordPress
Affected Version: version 1.0.
Vendor’s URL: Let Them Unsubscribe Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management