WordPress Jetpack Plugin Security Bypass
Application: WordPress
Affected Version: versions prior to 2.9.3.
Vendor’s URL: Jetpack Plugin
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 2.9.3.
Application: WordPress
Affected Version: versions prior to 3.8.2.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 3.8.3.
Application: WordPress
Affected Version: version 1.7.9 and other versions
Vendor’s URL: File Gallery Plugin
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 1.7.9.2.
Application: CosmoShop
Affected Version: version 10.17.00 and other versions.
Vendor’s URL: CosmoShop ePRO
Bug Type: Security Bypass
Risk Level: Critical
Solution:
No official solution is currently available.
Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical
Solution:
Update to version 2.5.19 or 3.2.3.
Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-2.0.
Vendor’s URL: Slickgrid Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 7.x-2.0.
Application: WordPress
Affected Version: version 1.9.1 and prior versions.
Vendor’s URL: BuddyPress Plugin
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical
Solution:
Update to version 1.9.2.
Application: Zabbix
Affected Version: versions prior to 2.0.11 and 2.2.2.
Vendor’s URL: Zabbix
Bug Type: User Spoofing and Security Bypass
Risk Level: Critical
Solution:
Update to version 2.0.11 or 2.2.2.
Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-3.7.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 7.x-3.7.
Application: ImpressCMS
Affected Version: versions 1.3.5, 1.3.6, and 1.3.6.1 and other versions.
Vendor’s URL: ImpressCMS
Bug Type: File Deletion
Risk Level: Critical
Solution:
The vendor has released a fix in version 1.3.6; however, the fix is only partially effective. No official solution is currently available.
Application: Drupal
Affected Version: 6.x versions prior to 6.30 and 7.x versions prior to 7.26.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to a fixed version.
Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Advanced Dewplayer Plugin
Bug Type: Access Bypass
Risk Level: Critical
Solution:
No official solution is currently available.
Application: WHMCS
Affected Version: versions prior to 5.1.14 and 5.2.13.
Vendor’s URL: WHMCS
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 5.1.14 and 5.2.13.
Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 2.0.6 or 1.1.19.
Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: SEO Watcher Plugin
Bug Type: File Creation
Risk Level: Critical
Solution:
No official solution is currently available.
Application: WordPress
Affected Version: version 2.1.2
Vendor’s URL: WP-SlimStat-Ex Plugin
Bug Type: System Access
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MediaWiki
Affected Version: versions prior to 11.38.2.6 and 11.39.0.15.
Vendor’s URL: CentralAuth Extension
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to a fixed version.
Application: WordPress
Affected Version: version 3.6 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, System access
Risk Level: Critical
Solution:
Update to version 3.6.1.
Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-1.4 and the 7.x-2.x versions prior to 7.x-2.1.
Vendor’s URL: RESTful Web Services Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to a fixed version.
Application: WordPress
Affected Version: version 3.5.1 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, DoS
Risk Level: Critical
Solution:
Update to version 3.5.2.