oss-sec mailing list archives
Re: CVE Request, multiple WordPress plugins and themes
From: "Seaman, Chad" <cseaman () akamai com>
Date: Wed, 27 May 2015 18:54:55 +0000
These two had their formatting mangled, sorry about that.

* wp-fastest-cache [PLUGIN]
  + url: https://wordpress.org/plugins/wp-fastest-cache/
  + vuln found:
    :--|- XSS

* leaflet-maps-marker [PLUGIN]
  + url: https://wordpress.org/plugins/leaflet-maps-marker/
  + vuln found:
    :--|- XSS x 2

________________________________
From: Seaman, Chad
Sent: Wednesday, May 27, 2015 2:53 PM
To: oss-security () lists openwall com
Cc: cve-assign () mitre org
Subject: CVE Request, multiple WordPress plugins and themes

I'm not sure if these should be broken down by individual vulnerability or lumped per plugin/theme; there are 21 plugins/themes affected in total.

* grand-media [PLUGIN]
  + url: https://wordpress.org/plugins/grand-media/
  + vuln found:
    :--|- XSS
    :
    :--|- LFI
    :    |- note: only truly exploitable if user sets ALLOW_NO_EXT == true
    :
    :--|- DoS
    :    |- note: force to recursively call itself via remote 301 redirects, cripples php-fpm w/ nginx
    :
    :--|- Open proxy

* wp-mobile-edition [PLUGIN]
  + url: https://wordpress.org/plugins/wp-mobile-edition/
  + vuln found:
    :--|- LFI
    :    |- note: pre PHP 5.3 is likely (unconfirmed) susceptible to nullbyte injection, meaning any file can be read
    :
    :--|- Open proxy
    :
    :--|- DoS
    :    |- note: will process list of files in for loop, aiding DoS capabilities
    :    |- note: follows 301 redirects, can be used to recursively call itself to exhaustion, cripples php-fpm w/ nginx
    :
    :--|- e-mail header injection (spam sandwich)
    :    |- note: will throw fatal error, but will send e-mail before doing so.
    :
    :--|- Multiple XSS vulns

* wp-fastest-cache [PLUGIN]
  + url: https://wordpress.org/plugins/wp-fastest-cache/
  + vuln found:
    :--|- XSS

* leaflet-maps-marker [PLUGIN]
  + url: https://wordpress.org/plugins/leaflet-maps-marker/
  + vuln found:
    :--|- XSS x 2

* landing-pages [PLUGIN]
  + url: https://wordpress.org/plugins/landing-pages/
  + vuln found:
    :--|- XSS into admin session

* extended-categories-widget [PLUGIN]
  + url: https://wordpress.org/plugins/extended-categories-widget/
  + vuln found:
    :--|- post auth admin SQLi

* gallery-images [PLUGIN] && gallery-video [PLUGIN]
  + url: https://wordpress.org/plugins/gallery-images/
  + url: https://wordpress.org/plugins/gallery-video/
  + vuln found:
    :--|- XSS into admin session (image and video gallery are both affected)

* easy-google-fonts [PLUGIN]
  + url: https://wordpress.org/plugins/easy-google-fonts/
  + vuln found:
    :--|- XSS into admin session

* cta [PLUGIN]
  + url: https://wordpress.org/plugins/cta/
  + vuln found:
    :--|- CSRF & persistent XSS attack into admin session, and site-wide for visitors

* constant-contact-api [PLUGIN]
  + url: https://wordpress.org/plugins/constant-contact-api/
  + vuln found:
    :--|- XSS x 2

* zerif-lite [THEME]
  + url: https://wordpress.org/themes/zerif-lite/
  + vuln found:
    :--|- XSS

* colorway [THEME]
  + url: https://wordpress.org/themes/colorway/
  + vuln found:
    :--|- e-mail header injection (spam sandwich)
    :
    :--|- XSS x 3

* charitas-lite [THEME]
  + url: https://wordpress.org/themes/charitas-lite/
  + vuln found:
    :--|- e-mail header injection (spam sandwich)

* ariwoo [THEME]
  + url: https://wordpress.org/themes/ariwoo/
  + vuln found:
    :--|- e-mail header injection (spam sandwich)
    :
    :--|- XSS x 3

* kage-green [THEME]
  + url: https://wordpress.org/themes/kage-green/
  + vuln found:
    :--|- XSS

* intuition [THEME]
  + url: https://wordpress.org/themes/intuition/
  + vuln found:
    :--|- XSS

* imag-mag [THEME]
  + url: https://wordpress.org/themes/imag-mag/
  + vuln found:
    :--|- XSS

* fastnews-light [THEME]
  + url: https://wordpress.org/themes/fastnews-light/
  + vuln found:
    :--|- XSS

* business-directory [THEME]
  + url: https://wordpress.org/themes/business-directory/
  + vuln found:
    :--|- XSS

* boot-store [THEME]
  + url: https://wordpress.org/themes/boot-store/
  + deps: TheCartPress (https://wordpress.org/plugins/thecartpress/)
  + note: theme must be present, plugin must be present, user must not be logged in.
  + vuln found:
    :--|- XSS
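The "e-mail header injection (spam sandwich)" item appears four times in the list above (wp-mobile-edition, colorway, charitas-lite, ariwoo). The following is an added example, not code from any of those plugins or themes or from the poster: a hypothetical contact-form handler in the shape that produces this bug, next to a hardened version. The function names, the fixed From: address and the sample payload are assumptions.

```php
<?php
// Added example, not code from any plugin or theme in the advisory. A hypothetical
// contact-form handler in the shape that produces the "spam sandwich" the post
// describes, next to a hardened version. Function names, the fixed From: address
// and the sample payload are all assumptions.

// Vulnerable shape: the submitter's address is concatenated straight into the
// additional-headers argument of mail(). CR/LF in that value ends the From:
// header and lets the attacker add headers (Bcc: to a victim list) and, after a
// blank line, a body of their own.
function send_contact_vulnerable(string $to, string $sender, string $message): bool
{
    $headers = "From: " . $sender . "\r\n";
    return mail($to, "Contact form", $message, $headers);
}

// Hardened shape: validate the address before anything touches mail(), reject
// CR/LF explicitly, and keep the user out of From: altogether.
function is_safe_address(string $addr): bool
{
    if (preg_match('/[\r\n]/', $addr)) {            // header injection attempt
        return false;
    }
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

function send_contact_hardened(string $to, string $sender, string $message): bool
{
    if (!is_safe_address($sender)) {
        return false;                               // refuse before mail() is reached
    }
    // From: is a fixed site address; the submitter only controls Reply-To.
    $headers = "From: noreply@example.com\r\n"
             . "Reply-To: " . $sender . "\r\n";
    return mail($to, "Contact form", $message, $headers);
}

// Constructed attacker input (not from the advisory): a valid-looking address,
// then an injected Bcc: header, then the blank line that ends the header block
// so the remainder is delivered as the message body to everyone on Bcc:.
$payload = "attacker@example.net\r\n"
         . "Bcc: victim1@example.org, victim2@example.org\r\n"
         . "\r\n"
         . "Buy now: http://spam.example/";

// send_contact_vulnerable("owner@example.com", $payload, "hello") would relay
// the spam; send_contact_hardened() with the same arguments returns false and
// never calls mail().
var_dump(is_safe_address($payload));
var_dump(is_safe_address("someone@example.net"));
```

The ordering matters for the note on wp-mobile-edition ("will throw fatal error, but will send e-mail before doing so"): a validation failure or error raised after mail() has returned does not unsend the message, so the check has to sit before the call, as in send_contact_hardened(). Using a fixed site address in From: and putting the submitter only in Reply-To also keeps the form usable with providers that reject mail whose From: domain does not match the sending server.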
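The grand-media and wp-mobile-edition entries pair an "Open proxy" with a DoS note about forcing the endpoint to recursively call itself via remote 301 redirects. The following is an added example, not code from either plugin or from the poster: a hypothetical "fetch this URL for the browser" endpoint in the shape that yields both problems, next to a hardened version that validates every redirect hop itself. Function names, the host allow-list and $self_host are assumptions.

```php
<?php
// Added example, not code from grand-media or wp-mobile-edition. A hypothetical
// URL-fetching endpoint in the shape that yields both the open proxy and the
// self-recursion DoS the post describes, next to a hardened version.
// Function names, the allow-list and $self_host are assumptions.

// Vulnerable shape: fetches whatever URL the request names and follows
// redirects without a cap. A remote URL that 301-redirects back to this
// endpoint makes each worker open another request to itself; with php-fpm
// behind nginx the pool runs out of workers and the site stops answering.
function proxy_fetch_vulnerable(string $url)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,   // unlimited 301/302 chain
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Hardened shape: only http(s) to allow-listed hosts (given in lowercase),
// never our own host, so a redirect cannot loop back into this endpoint.
function url_is_allowed(string $url, array $allowed_hosts, string $self_host): bool
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower($p['host']);
    return $host !== strtolower($self_host) && in_array($host, $allowed_hosts, true);
}

// Redirects are followed by this loop, not by cURL, so every hop is
// re-validated, the hop count is bounded and each request has a timeout.
function proxy_fetch_hardened(string $url, array $allowed_hosts, string $self_host, int $max_hops = 3)
{
    for ($hop = 0; $hop <= $max_hops; $hop++) {
        if (!url_is_allowed($url, $allowed_hosts, $self_host)) {
            return false;
        }
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => false,  // we decide whether to follow
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
            CURLOPT_CONNECTTIMEOUT => 3,
            CURLOPT_TIMEOUT        => 5,
        ]);
        $body = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
        $next = curl_getinfo($ch, CURLINFO_REDIRECT_URL);
        curl_close($ch);
        if ($code >= 300 && $code < 400 && is_string($next) && $next !== '') {
            $url = $next;                     // checked again at the top of the loop
            continue;
        }
        return $body;                         // false if the request itself failed
    }
    return false;                             // redirect chain too long
}

// Constructed call (not from the advisory): refused without any request being
// made, because the target host is the site itself.
var_dump(proxy_fetch_hardened("http://www.example.com/?fetch=http://www.example.com/",
                               ["images.example.org"], "www.example.com"));
```

The allow-list compares host names, not resolved addresses, so a production version should also resolve the host and reject loopback and private ranges before connecting (otherwise the endpoint remains a server-side request forgery into the hosting network). If the feature genuinely has to fetch arbitrary hosts and no allow-list is possible, the own-host refusal, the per-hop re-validation, the hop cap and the timeouts are the minimum that stops the self-recursion the post describes.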
Current thread:
- CVE Request, multiple WordPress plugins and themes Seaman, Chad (May 27)
- Re: CVE Request, multiple WordPress plugins and themes Seaman, Chad (May 27)
- Re: CVE Request, multiple WordPress plugins and themes Henri Salo (May 27)
- Re: CVE Request, multiple WordPress plugins and themes cve-assign (May 28)
- Re: Re: CVE Request, multiple WordPress plugins and themes Seaman, Chad (May 28)
- Re: CVE Request, multiple WordPress plugins and themes cve-assign (May 28)