Plugin Vulnerabilities Updates – Week of 4/8/2016
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Reflected cross-site scripting (XSS) vulnerability in WordPress Event Calendar (Spider Event Calendar)
- Reflected cross-site scripting (XSS) vulnerability in Google Language Translator
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Lightbox Plus Colorbox
- Reflected cross-site scripting (XSS) vulnerability in WP Customer Reviews
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in WP Customer Reviews
- Cross-site request forgery (CSRF) vulnerability in WP Customer Reviews
Plugin Vulnerabilities We Helped Get Fixed This Week
- Reflected cross-site scripting (XSS) vulnerability in WordPress Event Calendar (Spider Event Calendar), discovered by us
- Reflected cross-site scripting (XSS) vulnerability in WP Customer Reviews, discovered by us
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in WP Customer Reviews, discovered by us
- Cross-site request forgery (CSRF) vulnerability in WP Customer Reviews, discovered by us
- Local file inclusion (LFI) vulnerability in Issuu Panel, discovered by CrashBandicot
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Reflected cross-site scripting (XSS) vulnerability in Google Language Translator, discovered by us
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Lightbox Plus Colorbox, discovered by us
- Arbitrary file viewing vulnerability in Advanced video embed, discovered by evait security GmbH
Additional Plugin Vulnerabilities Added This Week
- Persistent cross-site scripting (XSS) vulnerability in Cerber Limit Login Attempts, discovered by Gerard Arall
- Reflected cross-site scripting (XSS) vulnerability in WordPress Event Calendar (Spider Event Calendar), discovered by us
- Reflected cross-site scripting (XSS) vulnerability in WP Customer Reviews, discovered by us
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in WP Customer Reviews, discovered by us
- Cross-site request forgery (CSRF) vulnerability in WP Customer Reviews, discovered by us
- Privilege escalation vulnerability in User Role Editor, discovered by John Muncaster