List: oss-security
Subject: [oss-security] Re: CVE Request, multiple WordPress plugins and themes
From: "Seaman, Chad" <cseaman () akamai ! com>
Date: 2015-05-27 18:54:55
Message-ID: 1432752895846.10669 () akamai ! com
These two had their formatting mangled, sorry about that.
* wp-fastest-cache [PLUGIN]
+ url: https://wordpress.org/plugins/wp-fastest-cache/
+ vuln found:
:--|- XSS
* leaflet-maps-marker [PLUGIN]
+ url: https://wordpress.org/plugins/leaflet-maps-marker/
+ vuln found:
:--|- XSS x 2
________________________________
From: Seaman, Chad
Sent: Wednesday, May 27, 2015 2:53 PM
To: oss-security@lists.openwall.com
Cc: cve-assign@mitre.org
Subject: CVE Request, multiple WordPress plugins and themes
I'm not sure if these should be broken down by individual vulnerability or lumped per plugin/theme; there are 21 plugins/themes affected in total.
* grand-media [PLUGIN]
+ url: https://wordpress.org/plugins/grand-media/
+ vuln found:
:--|- XSS
:
:--|- LFI
: |- note: only truly exploitable if user sets ALLOW_NO_EXT == true
:
:--|- DoS
: |- note: force to recursively call itself via remote 301 redirects, cripples php-fpm w/ nginx
:
:--|- Open proxy
* wp-mobile-edition [PLUGIN]
+ url: https://wordpress.org/plugins/wp-mobile-edition/
+ vuln found:
:--|- LFI
: |- note: pre PHP 5.3 is likely (unconfirmed) susceptible to nullbyte injection, meaning any file can be read
:
:--|- OpenProxy
:
:--|- DoS
: |- note: will process list of files in for loop, aiding DoS capabilities
: |- note: follows 301 redirects, can be used to recursively call itself to exhaustion, cripples php-fpm w/ nginx
:
:--|- e-mail header injection (spam sandwich)
: |- note: will throw fatal error, but will send e-mail before doing so.
:
:--|- Multiple XSS vulns
* wp-fastest-cache [PLUGIN]
+ url: https://wordpress.org/plugins/wp-fastest-cache/
+ vuln found:
:--|- XSS
* leaflet-maps-marker [PLUGIN]
+ url: https://wordpress.org/plugins/leaflet-maps-marker/
+ vuln found:
:--|- XSS x 2
* landing-pages [PLUGIN]
+ url: https://wordpress.org/plugins/landing-pages/
+ vuln found:
:--|- XSS into admin session
* extended-categories-widget [PLUGINS]
+ url: https://wordpress.org/plugins/extended-categories-widget/
+ vuln found:
:--|- post auth admin SQLi
* gallery-images [PLUGINS] && gallery-video [PLUGINS]
+ url: https://wordpress.org/plugins/gallery-images/
+ url: https://wordpress.org/plugins/gallery-video/
+ vuln found:
:--|- XSS into admin session (image and video gallery are both affected)
* easy-google-fonts [PLUGIN]
+ url: https://wordpress.org/plugins/easy-google-fonts/
+ vuln found:
:--|- XSS into admin session
* cta [PLUGIN]
+ url: https://wordpress.org/plugins/cta/
+ vuln found:
:--|- CSRF & persistent XSS attack into admin session, and site-wide for visitors
* constant-contact-api [PLUGIN]
+ url: https://wordpress.org/plugins/constant-contact-api/
+ vuln found:
:--|- XSS x 2
* zerif-lite [THEME]
+ url: https://wordpress.org/themes/zerif-lite/
+ vuln found:
:--|- XSS
* colorway [THEME]
+ url: https://wordpress.org/themes/colorway/
+ vuln found:
:--|- e-mail header injection (spam sandwich)
:
:--|- XSS x 3
* charitas-lite [THEME]
+ url: https://wordpress.org/themes/charitas-lite/
+ vuln found:
:--|- e-mail header injection (spam sandwich)
* ariwoo [THEME]
+ url: https://wordpress.org/themes/ariwoo/
+ vuln found:
:--|- e-mail header injection (spam sandwich)
:
:--|- XSS x 3
* kage-green [THEME]
+ url: https://wordpress.org/themes/kage-green/
+ vuln found:
:--|- XSS
* intuition [THEME]
+ url: https://wordpress.org/themes/intuition/
+ vuln found:
:--|- XSS
* imag-mag [THEME]
+ url: https://wordpress.org/themes/imag-mag/
+ vuln found:
:--|- XSS
* fastnews-light [THEME]
+ url: https://wordpress.org/themes/fastnews-light/
+ vuln found:
:--|- XSS
* business-directory [THEME]
+ url: https://wordpress.org/themes/business-directory/
+ vuln found:
:--|- XSS
* boot-store [THEME]
+ url: https://wordpress.org/themes/boot-store/
+ deps: TheCartPress (https://wordpress.org/plugins/thecartpress/)
+ note: theme must be present, plugin must be present, user must not be logged in.
+ vuln found:
:--|- XSS