Plugin Vulnerabilities Updates – Week of 3/25/2016
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
Plugin Vulnerabilities We Helped Get Fixed This Week
- Reflected cross-site scripting (XSS) vulnerability in BackWPup, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Arbitrary file viewing vulnerability in eBook download, discovered by Wadeek
- Arbitrary file viewing vulnerability in Import CSV, discovered by Wadeek
- Local file inclusion (LFI) vulnerability in A/B Test for WordPress, discovered by CrashBandicot
- Arbitrary file viewing vulnerability in HB AUDIO GALLERY LITE, discovered by CrashBandicot
- Local file inclusion (LFI) vulnerability in Dharma booking, discovered by AMAR^SHG
- Local file inclusion (LFI) vulnerability in Issuu Panel, discovered by CrashBandicot
- Reflected cross-site scripting (XSS) vulnerability in Facebook with login, discovered by CrashBandicot
- SQL injection vulnerability in Facebook with login, discovered by CrashBandicot
Additional Plugin Vulnerabilities Added This Week
- Reflected cross-site scripting (XSS) vulnerability in Tribulant Slideshow Gallery, discovered by Kacper Szurek
- Reflected cross-site scripting (XSS) vulnerability in BackWPup, discovered by us
- Arbitrary file viewing vulnerability in Memphis Documents Library, discovered by Felipe Molina
- Local file inclusion (LFI) vulnerability in Brandfolder, discovered by AMAR^SHG