Plugin Vulnerabilities Updates – Week of 3/18/2016
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
Plugin Vulnerabilities We Helped Get Fixed This Week
- Cross-site request forgery vulnerability in Nextend Facebook Connect, discovered by Aimad-Eddine Gaboune
- Authenticated remote code execution vulnerability in SP Project & Document Manager, discovered by Michael Helwig
- Arbitrary file viewing vulnerability in Site Import, discovered by Wadeek
- Persistent cross-site scripting (XSS) vulnerability in DW Question & Answer, discovered by Rahul Pratap Singh
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Remote page inclusion vulnerability in Site Import, discovered by Wadeek
- Persistent cross-site scripting (XSS) vulnerability in Resume Submissions & Job Postings, discovered by us
Additional Plugin Vulnerabilities Added This Week
- Cross-site request forgery vulnerability in Nextend Facebook Connect, discovered by Aimad-Eddine Gaboune
- Arbitrary file viewing vulnerability in Site Import, discovered by Wadeek