[FD] CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin)

2019-01-08 Thread dxw Security
Details Software: MapSVG Lite Version: 3.2.3 Homepage: https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/ Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

[FD] Unserialization vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances (WordPress plugin)

2018-06-15 Thread dxw Security
Details Software: Redirection Version: 2.7.1 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/unserialization-redirection/ CVE: Awaiting assignment CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C) Description

[FD] CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts (WordPress plugin)

2018-06-12 Thread dxw Security
Details Software: Tooltipy (tooltips for WP) Version: 5.0 Homepage: https://wordpress.org/plugins/bluet-keywords-tooltip-generator/ Advisory report: https://advisories.dxw.com/advisories/csrf-in-tooltipy/ CVE: Awaiting assignment CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)

[FD] Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can (WordPress plugin)

2018-06-12 Thread dxw Security
Details Software: Tooltipy (tooltips for WP) Version: 5.0 Homepage: https://wordpress.org/plugins/bluet-keywords-tooltip-generator/ Advisory report: https://advisories.dxw.com/advisories/xss-in-tooltipy/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

[FD] ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem (WordPress plugin)

2018-06-12 Thread dxw Security
Details Software: Redirection Version: 2.7.3 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/ CVE: Awaiting assignment CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C) Description

[FD] CSRF in Metronet Tag Manager allows anybody to do almost anything an admin can (WordPress plugin)

2018-05-15 Thread dxw Security
Details Software: Metronet Tag Manager Version: 1.2.7 Homepage: https://wordpress.org/plugins/metronet-tag-manager/ Advisory report: https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

[FD] WP ULike allows anybody to delete any row in any WordPress table (WordPress plugin)

2018-05-14 Thread dxw Security
Details Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/wp-ulike-delete-rows/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:P) Description WP

[FD] Stored XSS in WP ULike allows unauthorised users to do almost anything an admin can (WordPress plugin)

2018-05-14 Thread dxw Security
Details Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/stored-xss-wp-ulike/ CVE: Awaiting assignment CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N) Description Stored

[FD] CSRF in WP User Groups allows anybody to modify user groups and types (WordPress plugin)

2018-05-11 Thread dxw Security
Details Software: WP User Groups Version: 2.0.0 Homepage: https://wordpress.org/plugins/wp-user-groups/ Advisory report: https://advisories.dxw.com/advisories/csrf-wp-user-groups/ CVE: Awaiting assignment CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N) Description

[FD] WP Image Zoom allows anybody to cause denial of service (WordPress plugin)

2018-04-10 Thread dxw Security
Details Software: WP Image Zoom Version: 1.23 Homepage: http://wordpress.org/plugins/wp-image-zm/ Advisory report: https://advisories.dxw.com/advisories/wp-image-zoom-dos/ CVE: Awaiting assignment CVSS: 7.5 (High; AV:N/AC:L/Au:S/C:N/I:P/A:C) Description WP

[FD] Rating-Widget: Star Review System allows anybody to turn on debug mode and view errors and warnings (WordPress plugin)

2018-04-10 Thread dxw Security
Details Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report: https://advisories.dxw.com/advisories/rating-widget-debug-mode/ CVE: Awaiting assignment CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)

[FD] Like Button Rating ♥ LikeBtn allows anybody to set any option (WordPress plugin)

2018-04-10 Thread dxw Security
Details Software: Like Button Rating ♥ LikeBtn Version: 2.5.3 Homepage: https://wordpress.org/plugins/likebtn-like-button/ Advisory report: https://advisories.dxw.com/advisories/likebtn-set-any-option/ CVE: Awaiting assignment CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N)

[FD] SQLi in Relevanssi might allow an admin to read contents of database (WordPress plugin)

2018-04-10 Thread dxw Security
Details Software: Relevanssi Version: 3.5.12,3.6.0 Homepage: https://wordpress.org/plugins/relevanssi/ Advisory report: https://advisories.dxw.com/advisories/sqli-relevanssi/ CVE: Awaiting assignment CVSS: 8.5 (High; AV:N/AC:L/Au:S/C:C/I:C/A:N) Description SQLi

[FD] WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts

2017-10-07 Thread dxw Security
Details Software: WordPress Version: 4.8.2 Homepage: https://wordpress.org/ Advisory report: https://security.dxw.com/advisories/wordpress-signups-activation/ CVE: CVE-2017-14990 CVSS: 0 (Low; AV:L/AC:H/Au:M/C:N/I:N/A:N) Description WordPress does not hash or

[FD] CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almost anything an admin can (WordPress plugin)

2017-09-26 Thread dxw Security
Details Software: Content Audit Version: 1.9.1 Homepage: https://wordpress.org/plugins/content-audit/ Advisory report: https://security.dxw.com/advisories/csrf-xss-content-audit/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N) Description

[FD] Stored XSS in Salutation Responsive WordPress + BuddyPress Theme could allow logged-in users to do almost anything an admin can (WordPress plugin)

2017-08-01 Thread dxw Security
Details Software: Salutation Responsive WordPress + BuddyPress Theme Version: 3.0.15 Homepage: https://themeforest.net/item/salutation-responsive-wordpress-buddypress-theme/548199 Advisory report: https://security.dxw.com/advisories/stored-xss-salutation-theme/ CVE: Awaiting

[FD] Reflected XSS in WordPress Download Manager could allow an attacker to do almost anything an admin can (WordPress plugin)

2017-06-20 Thread dxw Security
Details Software: WordPress Download Manager Version: 2.9.46,2.9.51 Homepage: https://wordpress.org/plugins/download-manager/ Advisory report: https://security.dxw.com/advisories/xss-download-manager/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

[FD] CSRF/Stored XSS in MSMC – Redirect After Comment could allow unauthenticated individuals to do almost anything (WordPress plugin)

2017-05-09 Thread dxw Security
Details Software: MSMC - Redirect After Comment Version: 2.1.2 Homepage: https://wordpress.org/plugins/msmc-redirect-after-comment/ Advisory report: https://security.dxw.com/advisories/csrf-stored-xss-in-msmc-redirect-after-comment/ CVE: Awaiting assignment CVSS: 5.8 (Medium;

[FD] Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)

2016-12-27 Thread dxw Security
Details Software: Image Slider Version: 1.1.41,1.1.89 Homepage: http://wordpress.org/plugins/image-slider-widget/ Advisory report: https://security.dxw.com/advisories/arbitrary-file-deletion-vulnerability-in-image-slider-allows-authenticated-users-to-delete-files/ CVE: Awaiting

[FD] copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin)

2016-12-21 Thread dxw Security
Details Software: copy-me Version: 1.0.0 Homepage: http://wordpress.org/plugins/copy-me/ Advisory report: https://security.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/ CVE: Awaiting assignment CVSS: 4.3 (Medium;

[FD] CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)

2016-12-16 Thread dxw Security
Details Software: Quiz And Survey Master (Formerly Quiz Master Next) Version: 4.5.4,4.7.8 Homepage: https://wordpress.org/plugins/quiz-master-next/ Advisory report:

[FD] Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin)

2016-12-14 Thread dxw Security
Details Software: MailChimp for WordPress Version: 3.1.5,4.0.10 Homepage: http://wordpress.org/plugins/mailchimp-for-wp/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/

[FD] CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin)

2016-12-10 Thread dxw Security
Details Software: Multisite Post Duplicator Version: 0.9.5.1 Homepage: http://wordpress.org/plugins/multisite-post-duplicator/ Advisory report:

[FD] SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

2016-11-18 Thread dxw Security
Details Software: Relevanssi Premium Version: v1.14.4 Homepage: https://www.relevanssi.com/ Advisory report:

[FD] Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

2016-11-18 Thread dxw Security
Details Software: Relevanssi Premium Version: v1.14.4 Homepage: https://www.relevanssi.com/ Advisory report: https://security.dxw.com/advisories/unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/ CVE: Awaiting

[FD] Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin)

2016-11-18 Thread dxw Security
Details Software: Post Indexer Version: 3.0.6.1 Homepage: http://premium.wpmudev.org/project/post-indexer/ Advisory report: https://security.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/ CVE:
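The three unserialisation advisories above (Redirection, Relevanssi Premium, Post Indexer) share one root cause: unserialize() is called on bytes an attacker can shape, whether that is an imported file, a database column reachable via SQLi, or a response fetched over plain HTTP by a man-in-the-middle. The following is an added illustration of that pattern and of two fixes; it is not code from any of those plugins, and the class, function and path names in it are invented.

```php
<?php
// Added illustration, not code from Redirection, Relevanssi Premium or Post Indexer.
// Any class with a magic method that acts on wake-up or destruction is a gadget.
// This one is deliberately contrived (hypothetical) so the effect is visible.
class Demo_Cache_Writer {
    public $path;
    public $data;
    public function __destruct() {
        // Runs automatically when the object is released, even though the
        // importing code never called anything on it.
        file_put_contents( $this->path, $this->data );
    }
}

// --- vulnerable: classes named in the payload are instantiated and their
// --- magic methods run. Whoever controls $blob picks the class and its fields.
function demo_import_settings_vulnerable( $blob ) {
    return unserialize( $blob );
}

// Constructed attacker payload: a Demo_Cache_Writer whose destructor drops a
// PHP file into the web root. Built by hand (not via serialize()) so that no
// real object, and hence no destructor, is created while building it.
function demo_build_payload() {
    $class = 'Demo_Cache_Writer';
    $path  = '/var/www/html/wp-content/shell.php';          // hypothetical target path
    $data  = '<?php /* ... */';
    return sprintf(
        'O:%d:"%s":2:{s:4:"path";s:%d:"%s";s:4:"data";s:%d:"%s";}',
        strlen( $class ), $class, strlen( $path ), $path, strlen( $data ), $data
    );
}

// --- hardened option 1: keep unserialize() but forbid object instantiation.
// Objects in the payload become __PHP_Incomplete_Class and no magic method runs.
function demo_import_settings_hardened( $blob ) {
    $value = unserialize( $blob, array( 'allowed_classes' => false ) );   // PHP >= 7.0
    return is_array( $value ) ? $value : array();
}

// --- hardened option 2: don't use PHP serialisation for untrusted input at all.
function demo_import_settings_json( $json ) {
    $value = json_decode( $json, true, 64 );                 // arrays only, depth-limited
    return ( json_last_error() === JSON_ERROR_NONE && is_array( $value ) ) ? $value : array();
}
```

With the payload from demo_build_payload(), the hardened importer returns an empty array and nothing is written; the vulnerable importer writes the file as soon as the returned object goes out of scope. Note that the "in some circumstances" qualifier in the advisory titles is exactly this gadget requirement: unserialize() alone is not code execution, it needs a class with a useful magic method loaded somewhere in the WordPress install.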

[FD] SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin)

2016-11-18 Thread dxw Security
Details Software: Post Indexer Version: 3.0.6.1 Homepage: http://premium.wpmudev.org/project/post-indexer/ Advisory report: https://security.dxw.com/advisories/sql-injection-in-post-indexer-allows-super-admins-to-read-the-contents-of-the-database/ CVE: Awaiting assignment CVSS: 4

[FD] Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin)

2016-08-12 Thread dxw Security
Details Software: Advanced Custom Fields: Table Field Version: 1.1.12 Homepage: https://wordpress.org/plugins/advanced-custom-fields-table-field/ Advisory report:

[FD] Full Path Disclosure vulnerability in JM Twitter Cards reveals the location of the WordPress installation on the server (WordPress plugin)

2015-10-13 Thread dxw Security
Details Software: JM Twitter Cards Version: 6.0 Homepage: https://wordpress.org/plugins/jm-twitter-cards Advisory report: https://security.dxw.com/advisories/full-path-disclosure-vulnerability-in-jm-twitter-cards-reveals-the-location-of-the-wordpress-installation-on-the-server/

[FD] Publicly exploitable XSS in WordPress plugin Navis Documentcloud (WordPress plugin)

2015-08-27 Thread dxw Security
Details Software: Navis DocumentCloud Version: 0.1 Homepage: https://wordpress.org/plugins/navis-documentcloud/ Advisory report: https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ CVE: CVE-2015-2807 CVSS: 6.4 (Medium;

[FD] CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin)

2015-08-27 Thread dxw Security
Details Software: Private Only Version: 3.5.1 Homepage: http://wordpress.org/plugins/private-only/ Advisory report: https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/ CVE: CVE-2015-5483 CVSS:

[FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)

2015-08-12 Thread dxw Security
Details Software: Google Analytics by Yoast Premium Version: 5.4.4 Homepage: https://yoast.com/wordpress/plugins/google-analytics/ Advisory report: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/ CVE: Awaiting assignment CVSS: 5.5

[FD] Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin)

2015-08-12 Thread dxw Security
Details Software: iframe Version: 3.0 Homepage: http://wordpress.org/plugins/iframe/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-iframe-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/ CVE: Awaiting assignment CVSS: 5.8 (Medium;

[FD] Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin)

2015-08-12 Thread dxw Security
Details Software: iframe Version: 3.0 Homepage: http://wordpress.org/plugins/iframe/ Advisory report: https://security.dxw.com/advisories/stored-xss-in-iframe-allows-less-privileged-users-to-do-almost-anything-an-admin-can/ CVE: Awaiting assignment CVSS: 5.5 (Medium;

Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)

2015-08-12 Thread dxw Security
, 2015 at 2:16 PM, dxw Security secur...@dxw.com wrote: Timeline 2015-07-21: Discovered 2015-07-22: Reported to vendor via email 2015-07-22: Requested CVE 2015-07-10: Vendor confirmed fixed in version 5.4.5 2015-07-10: Published After the fact, of course, but I guess 2015

[FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)

2015-08-12 Thread dxw Security
Details Software: OAuth2 Complete For WordPress Version: 3.1.3 Homepage: http://wordpress.org/plugins/oauth2-provider/ Advisory report:
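The two advisories above describe complementary token mistakes: a secret generated from a non-cryptographic PRNG can be predicted, and a secret stored in clear and never expired can be harvested by anyone who gains read access to the table (for example through SQL injection). The following is an added illustration of the corrected pattern; it is not WordPress core code or OAuth2 Complete code, the table and function names are invented, and the real wp_signups schema is not reproduced.

```php
<?php
// Added illustration, not code from WordPress core or OAuth2 Complete.

// --- weak: mt_rand()/rand()/uniqid() are not CSPRNGs. An attacker who sees a
// few outputs, or can guess the seed/time, can reproduce other tokens.
function demo_token_weak() {
    return md5( uniqid( mt_rand(), true ) );
}

// --- strong: random_bytes() reads from the OS CSPRNG (PHP >= 7.0).
function demo_token_strong( $bytes = 32 ) {
    return bin2hex( random_bytes( $bytes ) );            // 64 hex chars, 256 bits of entropy
}

// Store only a keyed hash. The token already has full entropy, so a fast hash
// is enough; keying it with a server-side secret means a dump of the table
// alone is useless without wp-config.php as well.
function demo_issue_activation( $wpdb, $user_email, $ttl_seconds = 86400 ) {
    $token = demo_token_strong();
    $wpdb->insert(
        'demo_signups',                                  // hypothetical table
        array(
            'user_email'     => $user_email,
            'activation_key' => hash_hmac( 'sha256', $token, wp_salt( 'auth' ) ),
            'expires_at'     => gmdate( 'Y-m-d H:i:s', time() + $ttl_seconds ),
        ),
        array( '%s', '%s', '%s' )
    );
    return $token;                                       // sent in the e-mail only, never stored
}

function demo_activate( $wpdb, $user_email, $presented_token ) {
    $row = $wpdb->get_row(
        $wpdb->prepare( 'SELECT activation_key, expires_at FROM demo_signups WHERE user_email = %s', $user_email )
    );
    if ( ! $row || '' === $row->activation_key || strtotime( $row->expires_at . ' UTC' ) < time() ) {
        return false;                                    // unknown, already used, or expired
    }
    $expected = hash_hmac( 'sha256', $presented_token, wp_salt( 'auth' ) );
    if ( ! hash_equals( $row->activation_key, $expected ) ) {   // constant-time compare
        return false;
    }
    // One-shot: blank the key so it cannot be replayed after use.
    $wpdb->update( 'demo_signups', array( 'activation_key' => '' ), array( 'user_email' => $user_email ), array( '%s' ), array( '%s' ) );
    return true;
}
```

The check an auditor wants is simply: is every column that grants a capability (activation keys, password reset keys, API secrets, session tokens) stored as a hash, bounded by an expiry, and compared with hash_equals()? If any of the three is missing, read access to the database is enough to mint an account, which is what the CVE-2017-14990 title describes.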

[FD] Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments

2015-08-05 Thread dxw Security
Details Software: WordPress Version: 3.8.1,3.8.2,4.2.2 Homepage: http://wordpress.org/ Advisory report: https://security.dxw.com/advisories/comment-form-csrf-allows-admin-impersonation-via-comments-in-wordpress-4-2-2/ CVE: Awaiting assignment CVSS: 4.3 (Medium;

[FD] Reflected XSS in Flickr Justified Gallery could allow unauthenticated attackers to do almost anything an admin can do (WordPress plugin)

2015-07-28 Thread dxw Security
Details Software: Flickr Justified Gallery Version: 3.3.6 Homepage: https://wordpress.org/plugins/flickr-justified-gallery/ Advisory report:

[FD] Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin)

2015-07-14 Thread dxw Security
Details Software: Subscribe to Comments Version: 2.1.2 Homepage: http://wordpress.org/plugins/subscribe-to-comments/ Advisory report: https://security.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/ CVE: Awaiting

[FD] Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)

2015-07-13 Thread dxw Security
Details Software: The Events Calendar: Eventbrite Tickets Version: 3.9.6 Homepage: https://theeventscalendar.com/product/wordpress-eventbrite-tickets/ Advisory report:

[FD] Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin)

2015-07-10 Thread dxw Security
Details Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-gd-bbpress-attachments-allows-an-attacker-to-do-almost-anything-an-admin-can/ CVE: Awaiting

[FD] CSRF and stored XSS in WordPress Content Slide allow an attacker to have full admin privileges (WordPress plugin)

2015-04-16 Thread dxw Security
Details Software: Wordpress Content Slide Version: 1.4.2 Homepage: http://wordpress.org/plugins/content-slide/ Advisory report: https://security.dxw.com/advisories/csrf-and-stored-xss-in-wordpress-content-slide-allow-an-attacker-to-have-full-admin-privileges/ CVE: Awaiting

[FD] CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin)

2015-03-04 Thread dxw Security
Details Software: Contact Form DB Version: 2.8.29 Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/ Advisory report: https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/ CVE: CVE-2015-1874

[FD] Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin)

2014-10-01 Thread dxw Security
Details Software: Content Audit Version: 1.6 Homepage: http://wordpress.org/plugins/content-audit/ Advisory report: https://security.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-could-allow-a-privileged-attacker-to-exfiltrate-password-hashes/ CVE: CVE-2014-5389
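Several entries on this page (Relevanssi, Relevanssi Premium, Post Indexer, Content Audit) are "admin-only" SQL injection. The attacker already holds a high privilege, but the flaw still matters because it turns "can use this plugin's search or report page" into "can read wp_users.user_pass and every other table". The following is an added illustration of the vulnerable shape and the $wpdb-based fix; it is not code from any of those plugins and the function names are invented.

```php
<?php
// Added illustration, not code from Relevanssi, Post Indexer or Content Audit.

// --- vulnerable: the search term is spliced straight into the SQL string.
function demo_search_vulnerable( $wpdb, $term ) {
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE '%" . $term . "%'"
    );
}
// Constructed input that turns the query into a read of the users table. A blind
// variant (as in the Content Audit advisory title) extracts the same data one
// boolean/timing condition at a time:
//   $term = "' UNION SELECT ID, CONCAT(user_login, ':', user_pass) FROM wp_users -- ";

// --- hardened: $wpdb->prepare() binds values; table names come from $wpdb, not input.
function demo_search_hardened( $wpdb, $term ) {
    $like = '%' . $wpdb->esc_like( $term ) . '%';         // LIKE wildcards escaped separately
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE %s",
            $like
        )
    );
}

// ORDER BY columns cannot be bound as values, so allowlist them instead of
// passing request data through.
function demo_sorted_posts( $wpdb, $orderby, $limit ) {
    $allowed = array( 'post_date', 'post_title', 'comment_count' );
    if ( ! in_array( $orderby, $allowed, true ) ) {
        $orderby = 'post_date';
    }
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_status = 'publish' ORDER BY $orderby DESC LIMIT %d",
            absint( $limit )
        )
    );
}
```

When reviewing a plugin, every $wpdb->query()/get_results()/get_var() call whose SQL is built with string concatenation or double-quoted interpolation of anything other than $wpdb table names is a finding until proven otherwise; esc_sql() on its own is not a substitute for prepare() because it does nothing for numeric contexts or identifiers.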

[FD] Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin)

2014-08-20 Thread dxw Security
Details Software: WordPress Mobile Pack Version: 2.0.1 Homepage: http://wordpress.org/plugins/wordpress-mobile-pack/ Advisory report: https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/

[FD] Local File Inclusion in Theme My Login 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution (WordPress plugin)

2014-06-30 Thread dxw Security
Details Software: Theme My Login Version: 6.3.9 Homepage: http://wordpress.org/plugins/theme-my-login/ Advisory report: https://security.dxw.com/advisories/lfi-in-theme-my-login/ CVE: Awaiting assignment CVSS: 6.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:P) Description
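The file-inclusion advisories on this page (Theme My Login, Subscribe to Comments, Redirection) share one shape: a request parameter chooses which template or module file gets passed to include(). The following is an added illustration of that shape and its fix; it is not code from any of those plugins, and the plugin name, parameter name and template map are invented.

```php
<?php
// Added illustration, not code from Theme My Login, Subscribe to Comments or Redirection.

// --- vulnerable: the request controls the path. '../' walks out of the plugin
// directory, an absolute path includes any readable PHP file on the host, and
// any file the attacker can write (an uploaded "image", a log) runs as PHP.
function demo_render_template_vulnerable() {
    $template = $_GET['template'];
    include plugin_dir_path( __FILE__ ) . 'templates/' . $template . '.php';
}

// --- hardened: the request selects a key; the code owns the path.
function demo_render_template_hardened() {
    $templates = array(                                  // hypothetical allowlist
        'login'    => 'login.php',
        'register' => 'register.php',
        'profile'  => 'profile.php',
    );
    $key = isset( $_GET['template'] ) ? sanitize_key( $_GET['template'] ) : 'login';
    if ( ! isset( $templates[ $key ] ) ) {
        $key = 'login';                                  // unknown key -> safe default, never echo the input
    }
    $base = realpath( plugin_dir_path( __FILE__ ) . 'templates' );
    $file = realpath( $base . DIRECTORY_SEPARATOR . $templates[ $key ] );
    // Belt and braces: refuse anything that resolved outside the templates
    // directory (symlinks, a future careless edit to the map).
    if ( false === $file || 0 !== strpos( $file, $base . DIRECTORY_SEPARATOR ) ) {
        wp_die( 'Template not found', '', array( 'response' => 404 ) );
    }
    include $file;
}

// Audit check: list include/require statements whose operand involves request data.
//   grep -rnE '(include|require)(_once)?[[:space:]]*\(?[^;]*\$_(GET|POST|REQUEST|COOKIE)' wp-content/plugins/
```

The "admin-only" qualifier in two of the titles means the vulnerable page sits behind a capability check; it still counts, because combined with any of the CSRF entries above it becomes reachable from an attacker's page, and because an administrator should not be able to turn a WordPress role into arbitrary code execution on the server.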

[FD] CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin)

2014-06-10 Thread dxw Security
Details Software: Member Approval Version: 131109 Homepage: http://wordpress.org/plugins/member-approval/ Advisory ID: dxw-1970-1172 CVE: CVE-2014-3850 CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N) Description CSRF in Member Approval 131109 permits unapproved
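Most entries on this page are CSRF, XSS or both in a plugin's admin pages, and the titles' recurring phrase "do almost anything an admin can" follows from one missing pattern: an admin-only action that never proves the request came from the admin's own page, and that echoes stored input without escaping. The following is an added illustration of that pattern beside the hardened form; it is not code from any advisory above, and the plugin, option and hook names are invented.

```php
<?php
// Added illustration, not code from any of the plugins listed on this page.

// --- vulnerable: any page the administrator visits can POST this form on
// their behalf (CSRF), and the stored value is printed raw (stored/reflected XSS).
function demo_plugin_save_vulnerable() {
    update_option( 'demo_plugin_banner', $_POST['banner'] );
    echo 'Saved: ' . $_POST['banner'];
}

// --- hardened ---
function demo_plugin_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_plugin_save">';
    wp_nonce_field( 'demo_plugin_save', 'demo_plugin_nonce' );   // nonce bound to this user and action
    echo '<input name="banner" value="' . esc_attr( get_option( 'demo_plugin_banner', '' ) ) . '">';
    echo '<button>Save</button></form>';
}

function demo_plugin_save_hardened() {
    // 1. Capability: only users who may manage options reach this at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // 2. Nonce: dies unless the request carries a nonce WordPress minted for
    //    this action and this user. A form on a third-party site cannot obtain one.
    check_admin_referer( 'demo_plugin_save', 'demo_plugin_nonce' );

    // 3. Sanitise on input, escape on output.
    $banner = sanitize_text_field( wp_unslash( $_POST['banner'] ?? '' ) );
    update_option( 'demo_plugin_banner', $banner );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=demo_plugin' ) ) );
    exit;
}

function demo_plugin_render_banner() {
    // Escape at the point of output so a stored value can never become markup.
    echo '<div class="banner">' . esc_html( get_option( 'demo_plugin_banner', '' ) ) . '</div>';
}

add_action( 'admin_post_demo_plugin_save', 'demo_plugin_save_hardened' );
add_action( 'wp_footer', 'demo_plugin_render_banner' );
```

Two points worth keeping in mind when triaging these: a nonce check without a capability check lets any logged-in subscriber perform the action directly, and a capability check without a nonce check is exactly the CSRF case, since the browser supplies the admin's cookies to the forged request. Both checks are needed, and escaping is a separate third requirement, which is why the CSRF/XSS combinations above (Content Audit, Private Only, Content Slide) reach full admin compromise from an unauthenticated attacker.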

[FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-29 Thread dxw Security
Details Software: File Gallery Version: 1.7.7,1.7.9 Homepage: http://wordpress.org/plugins/file-gallery/ Advisory ID: dxw-1970-638 CVE: CVE-2014-2558 CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P) Description Arbitrary code execution by admins in File Gallery 1.7.7