15 Apr 2016

Plugin Vulnerabilities Updates – Week of 4/15/2016

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

Plugin Vulnerabilities We Helped Get Fixed This Week

Reflected cross-site scripting (XSS) vulnerability in ALO EasyMail Newsletter, discovered by us
Reflected cross-site scripting (XSS) vulnerability in Pretty Link Lite, discovered by us
Reflected cross-site scripting (XSS) vulnerability in MiniMax – Page Layout Builder, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in WHIZZ, discovered by Larry W. Cashdollar

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

Cross-site request forgery (CSRF)/SQL injection vulnerability in Wp Multiple Meta Box, discovered Dr.Malware
Privilege escalation vulnerability in Robo Gallery, discovered by us
Reflected cross-site scripting (XSS) vulnerability in PhotoXhibit, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in PhotoXhibit, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Gravity Forms Infusionsoft Add-On, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Admin Font Editor, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in S3 Video Plugin, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in WPSOLR, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Tidio Gallery, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Anti Plagiarism, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Hero Maps Pro, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in HDW Tube, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in HDW Tube, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in AJAX Random Post, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in New Year Firework, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Easy Contact Form Builder, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Indexisto, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Defa Online Image Protector Free Edition, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in E-Search, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in E-Search, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Pondol Form to Mail, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Simpel Reserveren 3, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Heat Trackr, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in Simplified Content, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in CM Tooltip Glossary, discovered by Larry W. Cashdollar

Additional Plugin Vulnerabilities Added This Week

Reflected cross-site scripting (XSS) vulnerability in ALO EasyMail Newsletter, discovered by us
Reflected cross-site scripting (XSS) vulnerability in Pretty Link Lite, discovered by us
Information disclosure vulnerability in Stop User Enumeration, discovered by Carlos Montiers Aguilera
Reflected cross-site scripting (XSS) vulnerability in MiniMax – Page Layout Builder, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in MW Font Changer, discovered by Larry W. Cashdollar
Reflected cross-site scripting (XSS) vulnerability in WHIZZ, discovered by Larry W. Cashdollar

Leave a Reply Cancel reply