WPsecure» Exploits

Open flash chart

wpsecure — Wed, 01 May 2013 18:15:27 +0000

A vulnerability has been discovered in Open flash chart plugin which can be exploited to compromise a vulnerable system.

A list of recent XSS plugin exploits from April.

wpsecure — Wed, 01 May 2013 18:07:37 +0000

WordPress Facebook Members – 5.0.4 – XSS
WordPress FourSquare Checkins Plugin – 1.2 – XSS
WordPress Formidable Pro – 1.06.08 - XSS
All in One Webmaster plugin – 8.2.3 – XSS
WordPress Background Music Plugin “jPlayer” – 1.0 – XSS
Haiku minimalist audio player – 1.0 - XSS
Jammer plugin – 0.2 - XSS
SyntaxHighlighter Evolved – 3.1.6 – XSS
Top 10 plugin – 1.9.2 – XSS
Easy AdSense Lite – 6.06 – XSS
WordPress Social Media Widget Plugin – versions 3.1, 3.2, and 3.3 before 2013-04-11 and in version 4.0.

WordPress SEO by Yoast

wpsecure — Wed, 10 Apr 2013 18:29:28 +0000

A vulnerability has been discovered in WordPress SEO by Yoast which can be exploited to compromise a vulnerable system.

WP125 Ad squares plugin

wpsecure — Wed, 10 Apr 2013 18:25:38 +0000

A vulnerability has been discovered in the WP125 plugin which can be exploited to compromise a vulnerable system.

WP-DownloadManager

wpsecure — Wed, 10 Apr 2013 18:23:10 +0000

A vulnerability has been discovered in the WP-DownloadManager plugin which can be exploited to compromise a vulnerable system.

WP-Print plugin

wpsecure — Wed, 10 Apr 2013 18:18:43 +0000

A vulnerability has been discovered in the WP-Print plugin which can be exploited to compromise a vulnerable system.

Several XSS in the following plugins.

wpsecure — Mon, 01 Apr 2013 17:44:18 +0000

Occasion:

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. add or delete occasions when a logged-in user visits a specially crafted web page.

The vulnerability is confirmed in version 1.0.4. Other versions may also be affected.

Simply Poll

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. remove or edit a poll when a logged-in user visits a specially crafted web page.

The vulnerability is reported in version 1.4.1. Other versions may also be affected.

FAQs Manager plugin

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change plugin settings when a logged-in user visits a specially crafted web page.

2) Input passed via the “question” POST parameter to wp-admin/admin-ajax.php (when “action” is set to “inic_faq_questions”) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site if malicious data is viewed.

The vulnerabilities are confirmed in version 1.0. Other versions may also be affected.

JC Coupon

wpsecure — Thu, 14 Mar 2013 20:48:12 +0000

A vulnerability has been discovered in the JC Coupon plugin which can be exploited to compromise a vulnerable system.

Tiny URL plugin

wpsecure — Thu, 14 Mar 2013 20:45:24 +0000

A vulnerability has been discovered in the Tiny URL plugin which can be exploited to compromise a vulnerable system

Cleeng Content Monetization

wpsecure — Thu, 14 Mar 2013 20:43:09 +0000

A vulnerability has been discovered in the Cleeng Content Monetization plugin which can be exploited to compromise a vulnerable system