Plugin Vulnerabilities Updates – Week of 6/10/2016
Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Arbitrary file upload vulnerability in Vertical SlideShow
- Arbitrary file upload vulnerability in wp superb Slideshow
- Arbitrary file upload vulnerability in wp Dreamwork Gallery
- Arbitrary file upload vulnerability in Bliss Gallery
- Arbitrary file upload vulnerability in Image News slider
- Arbitrary file upload vulnerability in YAS Slideshow
- Arbitrary file upload vulnerability in Carousel slideshow
- Arbitrary file upload vulnerability in Levo Slideshow
- Arbitrary file upload vulnerability in Power Zoomer
- Arbitrary file upload vulnerability in Homepage SlideShow
- Arbitrary file upload vulnerability in Smart Slideshow
- Arbitrary file upload vulnerability in Slideshow Pro
- Arbitrary file upload vulnerability in Blaze Slideshow
- Arbitrary file upload vulnerability in Catpro Gallery
- Persistent cross-site scripting (XSS) vulnerability in Flip Slideshow
- Persistent cross-site scripting (XSS) vulnerability in Royal Gallery
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Reflected cross-site scripting (XSS) vulnerability in Realia, discovered by WICS
- SQL injection vulnerability in Search Everything, discovered by gnowland
- Arbitrary file upload vulnerability in Vertical SlideShow, discovered by us
- Arbitrary file upload vulnerability in wp superb Slideshow, discovered by us
- Arbitrary file upload vulnerability in wp Dreamwork Gallery, discovered by us
- Arbitrary file upload vulnerability in Bliss Gallery, discovered by us
- Arbitrary file upload vulnerability in Image News slider, discovered by us
- Arbitrary file upload vulnerability in YAS Slideshow, discovered by us
- Arbitrary file upload vulnerability in Carousel slideshow, discovered by us
- Arbitrary file upload vulnerability in Levo Slideshow, discovered by us
- Arbitrary file upload vulnerability in Power Zoomer, discovered by us
- Arbitrary file upload vulnerability in Homepage SlideShow, discovered by us
- Arbitrary file upload vulnerability in Smart Slideshow, discovered by us
- Arbitrary file upload vulnerability in Slideshow Pro, discovered by us
- Arbitrary file upload vulnerability in Blaze Slideshow, discovered by us
- Arbitrary file upload vulnerability in Catpro Gallery, discovered by us
- Persistent cross-site scripting (XSS) vulnerability in Flip Slideshow, discovered by us
- Persistent cross-site scripting (XSS) vulnerability in Royal Gallery, discovered by us
Additional Vulnerabilities Added This Week
- Authenticated SQL injection vulnerability in Double Opt-In for Download, discovered by Kacper Szurek
- Authentication Bypass in OneLogin SAML SSO, discovered by Jouko Pynnönen