[SECURITY-L] Vulnerabilities Monthly Digest for May 2020 - WPScan
CSIRT Unicamp
security at unicamp.br
Mon Jun 1 09:26:40 -03 2020
Hello,
This is your Vulnerabilities Monthly Digest for May 2020.
WordPress Plugin Vulnerabilities
- Multi Scheduler <= 1.0.0 - Arbitrary Record Deletion via CSRF
<https://wpvulndb.com/vulnerabilities/10245>
- MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls
<https://wpvulndb.com/vulnerabilities/10246>
- bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the
forums list table <https://wpvulndb.com/vulnerabilities/10244>
- bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super
Moderator feature <https://wpvulndb.com/vulnerabilities/10243>
- bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User
Registration enabled <https://wpvulndb.com/vulnerabilities/10242>
- Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site
Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10241>
- Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF
leading to XSS <https://wpvulndb.com/vulnerabilities/10240>
- Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 -
Unprotected AJAX's leading to XSS
<https://wpvulndb.com/vulnerabilities/10239>
- Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 -
Unauthenticated File Upload Bypass
<https://wpvulndb.com/vulnerabilities/10238>
- Form Maker by 10Web <= 1.13.35 - Authenticated SQL Injection
<https://wpvulndb.com/vulnerabilities/10237>
- Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues
<https://wpvulndb.com/vulnerabilities/10236>
- Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL
Injection <https://wpvulndb.com/vulnerabilities/10235>
- Add-on SweetAlert Contact Form 7 < 1.0.8 - Authenticated Stored
Cross-Site Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10233>
- ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS
<https://wpvulndb.com/vulnerabilities/10234>
- WP Frontend Profile < 1.2.2 - CSRF Check Incorrectly Implemented
<https://wpvulndb.com/vulnerabilities/10232>
- Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection
<https://wpvulndb.com/vulnerabilities/10231>
- Ajax Load More < 5.3.2 - Authenticated SQL Injection
<https://wpvulndb.com/vulnerabilities/10230>
- Visual Composer < 27.0 - Multiple Authenticated Cross-Site Scripting
Issues <https://wpvulndb.com/vulnerabilities/10229>
- Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
<https://wpvulndb.com/vulnerabilities/10228>
- Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
<https://wpvulndb.com/vulnerabilities/10227>
- WP Product Review < 3.7.6 - Unauthenticated Stored Cross-Site
Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10226>
- Login/Signup Popup < 1.5 - Authenticated Stored Cross-Site Scripting
(XSS) <https://wpvulndb.com/vulnerabilities/10225>
- Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search
Console Access <https://wpvulndb.com/vulnerabilities/10224>
- Easy Testimonials < 3.6 - Authenticated Stored Cross-Site Scripting
(XSS) <https://wpvulndb.com/vulnerabilities/10223>
- WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products
<https://wpvulndb.com/vulnerabilities/10220>
- Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site
Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10219>
- Chopslider <= 3.4 - Unauthenticated Blind SQL Injection
<https://wpvulndb.com/vulnerabilities/10216>
- Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)
<https://wpvulndb.com/vulnerabilities/10221>
- Ultimate Addons for Elementor < 1.24.2 - Registration Bypass
<https://wpvulndb.com/vulnerabilities/10215>
- Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
<https://wpvulndb.com/vulnerabilities/10214>
- Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated
Stored XSS <https://wpvulndb.com/vulnerabilities/10213>
- Advanced Order Export For WooCommerce < 3.1.4 - Authenticated
Cross-Site Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10212>
- WTI Like Post <= 1.4.5 - Authenticated Stored Cross-Site Scripting
(XSS) <https://wpvulndb.com/vulnerabilities/10210>
WordPress Theme Vulnerabilities
- Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post
Creation, Edition, Deletion and Stored XSS
<https://wpvulndb.com/vulnerabilities/10209>
Thank you,
The WPScan Team
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830