[SECURITY-L] Vulnerabilities Monthly Digest for May 2020 - WPScan

CSIRT Unicamp security at unicamp.br
Mon Jun 1 09:26:40 -03 2020


Hello,

This is your Vulnerabilities Monthly Digest for May 2020.

WordPress Plugin Vulnerabilities

   - Multi Scheduler <= 1.0.0 - Arbitrary Record Deletion via CSRF
   <https://wpvulndb.com/vulnerabilities/10245>
   - MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls
   <https://wpvulndb.com/vulnerabilities/10246>
   - bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the
   forums list table <https://wpvulndb.com/vulnerabilities/10244>
   - bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super
   Moderator feature <https://wpvulndb.com/vulnerabilities/10243>
   - bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User
   Registration enabled <https://wpvulndb.com/vulnerabilities/10242>
   - Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site
   Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10241>
   - Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF
   leading to XSS <https://wpvulndb.com/vulnerabilities/10240>
   - Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 -
   Unprotected AJAX's leading to XSS
   <https://wpvulndb.com/vulnerabilities/10239>
   - Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 -
   Unauthenticated File Upload Bypass
   <https://wpvulndb.com/vulnerabilities/10238>
   - Form Maker by 10Web <= 1.13.35 - Authenticated SQL Injection
   <https://wpvulndb.com/vulnerabilities/10237>
   - Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues
   <https://wpvulndb.com/vulnerabilities/10236>
   - Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL
   Injection <https://wpvulndb.com/vulnerabilities/10235>
   - Add-on SweetAlert Contact Form 7 < 1.0.8 - Authenticated Stored
   Cross-Site Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10233>
   - ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS
   <https://wpvulndb.com/vulnerabilities/10234>
   - WP Frontend Profile < 1.2.2 - CSRF Check Incorrectly Implemented
   <https://wpvulndb.com/vulnerabilities/10232>
   - Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection
   <https://wpvulndb.com/vulnerabilities/10231>
   - Ajax Load More < 5.3.2 - Authenticated SQL Injection
   <https://wpvulndb.com/vulnerabilities/10230>
   - Visual Composer < 27.0 - Multiple Authenticated Cross-Site Scripting
   Issues <https://wpvulndb.com/vulnerabilities/10229>
   - Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
   <https://wpvulndb.com/vulnerabilities/10228>
   - Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
   <https://wpvulndb.com/vulnerabilities/10227>
   - WP Product Review < 3.7.6 - Unauthenticated Stored Cross-Site
   Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10226>
   - Login/Signup Popup < 1.5 - Authenticated Stored Cross-Site Scripting
   (XSS) <https://wpvulndb.com/vulnerabilities/10225>
   - Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search
   Console Access <https://wpvulndb.com/vulnerabilities/10224>
   - Easy Testimonials < 3.6 - Authenticated Stored Cross-Site Scripting
   (XSS) <https://wpvulndb.com/vulnerabilities/10223>
   - WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products
   <https://wpvulndb.com/vulnerabilities/10220>
   - Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site
   Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10219>
   - Chopslider <= 3.4 - Unauthenticated Blind SQL Injection
   <https://wpvulndb.com/vulnerabilities/10216>
   - Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)
   <https://wpvulndb.com/vulnerabilities/10221>
   - Ultimate Addons for Elementor < 1.24.2 - Registration Bypass
   <https://wpvulndb.com/vulnerabilities/10215>
   - Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
   <https://wpvulndb.com/vulnerabilities/10214>
   - Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated
   Stored XSS <https://wpvulndb.com/vulnerabilities/10213>
   - Advanced Order Export For WooCommerce < 3.1.4 - Authenticated
   Cross-Site Scripting (XSS) <https://wpvulndb.com/vulnerabilities/10212>
   - WTI Like Post <= 1.4.5 - Authenticated Stored Cross-Site Scripting
   (XSS) <https://wpvulndb.com/vulnerabilities/10210>

WordPress Theme Vulnerabilities

   - Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post
   Creation, Edition, Deletion and Stored XSS
   <https://wpvulndb.com/vulnerabilities/10209>

Thank you,
The WPScan Team

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830