Archive for April, 2014

Drupal Revisioning Information Disclosure Security Issue

April 29th, 2014

Application: Drupal
Affected Version: version 7.x-1.7.
Vendor’s URL: Drupal Revisioning
Bug Type: Information Disclosure
Risk Level:

Solution:
Update to version 7.x-1.8.

Content Management, Information Disclosure

WordPress Jetpack Plugin Security Bypass

April 29th, 2014

Application: WordPress
Affected Version: versions prior to 2.9.3.
Vendor’s URL: Jetpack Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 2.9.3.

Access Bypass, Content Management

WordPress Multiple Vulnerabilities

April 29th, 2014

Application: WordPress
Affected Version: versions prior to 3.8.2.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.3.

Access Bypass, Content Management, Cross Site Scripting

WordPress File Gallery Plugin Settings Arbitrary Command Execution

April 29th, 2014

Application: WordPress
Affected Version: version 1.7.9 and other versions.
Vendor’s URL: File Gallery Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.7.9.2.

Access Bypass, Content Management

WordPress Work The Flow File Upload Plugin Arbitrary File Upload

April 29th, 2014

Application: WordPress
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: Work The Flow File Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Quick Page Post Redirect Plugin Cross-Site Request Forgery

April 29th, 2014

Application: WordPress
Affected Version: version 5.0.5 and prior versions.
Vendor’s URL: Quick Page Post Redirect Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 5.0.6.

Content Management, Cross Site Scripting

WordPress Linenity Theme “imgurl” Arbitrary File Disclosure

April 29th, 2014

Application: WordPress
Affected Version: version 1.2.0 and other versions.
Vendor’s URL: Linenity Theme
Bug Type: File Disclosure
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Information Disclosure