Plugin Vulnerabilities Updates – Week of 4/22/2016
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in http:BL WordPress Plugin
Plugin Vulnerabilities We Helped Get Fixed This Week
- Reflected cross-site scripting (XSS) vulnerability in CM Tooltip Glossary, discovered by Larry W. Cashdollar
- Reflected cross-site scripting (XSS) vulnerability in Google Language Translator, discovered by us
- Reflected cross-site scripting (XSS) vulnerability in Simplified Content, discovered by Larry W. Cashdollar
- Reflected cross-site scripting (XSS) vulnerability in WPSOLR, discovered by Larry W. Cashdollar
- Reflected cross-site scripting (XSS) vulnerability in Gravity Forms Infusionsoft Add-On, discovered by Larry W. Cashdollar
- Privilege escalation vulnerability in Robo Gallery, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Reflected cross-site scripting (XSS) vulnerability in Kento Post View Counter, discovered by Shravan Kumar
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Kento Post View Counter, discovered by Shravan Kumar
- Reflected cross-site scripting (XSS) vulnerability in Custom Metas, discovered by Shravan Kumar
- Authenticated persistent cross-site scripting (XSS) vulnerability in Google SEO Pressor Snippet Plugin, discovered by Rahul Pratap Singh
- Reflected cross-site scripting (XSS) vulnerability in EchoSign, discovered by Rahul Pratap Singh
- Reflected cross-site scripting (XSS) vulnerability in Recipes Writer, discovered by Larry W. Cashdollar
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in http:BL WordPress Plugin, discovered by us
Additional Plugin Vulnerabilities Added This Week
- Reflected cross-site scripting (XSS) vulnerability in FAQ, discovered by Shravan Kumar
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in leenk.me, discovered by Shravan Kumar
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in CM Ad Changer, discovered by Rahul Pratap Singh
- Reflected cross-site scripting (XSS) vulnerability in Tweet Wheel, discovered by Rahul Pratap Singh
- Reflected cross-site scripting (XSS) vulnerability in Persian Woocommerce SMS, discovered by Rahul Pratap Singh