13 May

Plugin Vulnerabilities Updates – Week of 5/13/2016

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

Plugin Vulnerabilities We Helped Get Fixed This Week

Authenticated arbitrary file upload vulnerability in WP Editor, discovered by us
Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in WP Editor, discovered by us
Authenticated file modification vulnerability in WP Editor, discovered by us
Cross-site request forgery (CSRF)/file modification vulnerability in WP Editor, discovered by us

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

Reflected cross-site scripting (XSS) vulnerability in Forget About Shortcode Buttons, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Pondol Carousel, discovered by Larry W. Cashdollar
Cross-site request forgery (CSRF) vulnerability in Yoast SEO, discovered by us
Information disclosure vunerability in Yoast SEO, discovered by us

Additional Plugin Vulnerabilities Added This Week

Privilege escalation vulnerability in Profile Builder, discovered by Abhineet
Authenticated local file inclusion vulnerability in Nelio AB Testing, discovered by Henri Salo
SQL Injection vulnerability in Event Registration, discovered by Michael Helwig
Persistent cross-site scripting (XSS) vulnerability in Event Registration, discovered by Michael Helwig
Authenticated arbitrary file upload vulnerability in WP Editor, discovered by us
Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in WP Editor, discovered by us
Authenticated file modification vulnerability in WP Editor, discovered by us
Cross-site request forgery (CSRF)/file modification vulnerability in WP Editor, discovered by us
Authenticated file viewing vulnerability in WP Editor, discovered buy us