Plugin Vulnerabilities Updates – Week of 5/13/2016
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Cross-site request forgery (CSRF) vulnerability in Yoast SEO
- Information disclosure vulnerability in Yoast SEO
- Authenticated arbitrary file upload vulnerability in WP Editor
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in WP Editor
- Authenticated file modification vulnerability in WP Editor
- Cross-site request forgery (CSRF)/file modification vulnerability in WP Editor
- Authenticated file viewing vulnerability in WP Editor
Plugin Vulnerabilities We Helped Get Fixed This Week
- Authenticated arbitrary file upload vulnerability in WP Editor, discovered by us
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in WP Editor, discovered by us
- Authenticated file modification vulnerability in WP Editor, discovered by us
- Cross-site request forgery (CSRF)/file modification vulnerability in WP Editor, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Reflected cross-site scripting (XSS) vulnerability in Forget About Shortcode Buttons, discovered by Larry W. Cashdollar
- Reflected cross-site scripting (XSS) vulnerability in Pondol Carousel, discovered by Larry W. Cashdollar
- Cross-site request forgery (CSRF) vulnerability in Yoast SEO, discovered by us
- Information disclosure vulnerability in Yoast SEO, discovered by us
Additional Plugin Vulnerabilities Added This Week
- Privilege escalation vulnerability in Profile Builder, discovered by Abhineet
- Authenticated local file inclusion vulnerability in Nelio AB Testing, discovered by Henri Salo
- SQL Injection vulnerability in Event Registration, discovered by Michael Helwig
- Persistent cross-site scripting (XSS) vulnerability in Event Registration, discovered by Michael Helwig
- Authenticated arbitrary file upload vulnerability in WP Editor, discovered by us
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in WP Editor, discovered by us
- Authenticated file modification vulnerability in WP Editor, discovered by us
- Cross-site request forgery (CSRF)/file modification vulnerability in WP Editor, discovered by us
- Authenticated file viewing vulnerability in WP Editor, discovered by us