Plugin Vulnerabilities Updates – Week of 2/12/2016
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Open redirect in Clik stats, discovered by Ashiyane Digital Security Team
- Reflected cross-site scripting (XSS) in WooCommerce Currency Switcher, discovered by Ben Khlifa Fahmi
Additional Plugin Vulnerabilities Added This Week
- Reflected cross-site scripting (XSS) in InstaLinker, discovered by Persian Hack Team
- Reflected cross-site scripting (XSS) in Huge IT Image Gallery, discovered by Kacper Szurek
- Authenticated persistent cross-site scripting (XSS) in Universal Analytics, discovered by Ulrich
- Information disclosure in User Meta Manager, discovered by Panagiotis Vagenas
- Privilege escalation in WooCommerce – Store Toolkit, discovered by Panagiotis Vagenas
- Cross-site request forgery (CSRF)/information disclosure in Duplicator, discovered by RatioSec Research
- Authenticated SQL injection in Booking Calendar Contact Form, discovered by Joaquin Ramirez Martinez
- SQL injection in Booking Calendar Contact Form, discovered by Joaquin Ramirez Martinez
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) in Booking Calendar Contact Form, discovered by Joaquin Ramirez Martinez