Date: Wed, 27 May 2015 18:53:16 +0000
From: "Seaman, Chad" <cseaman@...mai.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: CVE Request, multiple WordPress plugins and themes

I'm not sure if these should be broken down by individual vulnerability or lumped per plugin/theme; there are 21 plugins/themes affected in total.


  * grand-media [PLUGIN]
    + url: https://wordpress.org/plugins/grand-media/
    + vuln found:
    :--|- XSS
    :
    :--|- LFI
    :    |- note: only truly exploitable if user sets ALLOW_NO_EXT == true
    :
    :--|- DoS
    :    |- note: force to recursively call itself via remote 301 redirects, cripples php-fpm w/ nginx
    :
    :--|- Open proxy



  * wp-mobile-edition [PLUGIN]
    + url: https://wordpress.org/plugins/wp-mobile-edition/
    + vuln found:
    :--|- LFI
    :    |- note: pre-PHP 5.3 is likely (unconfirmed) susceptible to null-byte injection, meaning any file can be read
    :
    :--|- OpenProxy
    :
    :--|- DoS
    :    |- note: will process list of files in for loop, aiding DoS capabilities
    :    |- note: follows 301 redirects, can be used to recursively call itself to exhaustion, cripples php-fpm w/ nginx
    :
    :--|- e-mail header injection (spam sandwich)
    :    |- note: will throw fatal error, but will send e-mail before doing so.
    :
    :--|- Multiple XSS vulns


  * wp-fastest-cache [PLUGIN]
    + url: https://wordpress.org/plugins/wp-fastest-cache/
    + vuln found:
    :--|- XSS


  * leaflet-maps-marker [PLUGIN]
    + url: https://wordpress.org/plugins/leaflet-maps-marker/
    + vuln found:
    :--|- XSS x 2


  * landing-pages [PLUGIN]
    + url: https://wordpress.org/plugins/landing-pages/
    + vuln found:
    :--|- XSS into admin session


  * extended-categories-widget [PLUGIN]
    + url: https://wordpress.org/plugins/extended-categories-widget/
    + vuln found:
    :--|- post auth admin SQLi

  * gallery-images [PLUGINS] && gallery-video [PLUGINS]
    + url: https://wordpress.org/plugins/gallery-images/
    + url: https://wordpress.org/plugins/gallery-video/
    + vuln found:
    :--|- XSS into admin session (image and video gallery are both affected)


  * easy-google-fonts [PLUGIN]
    + url: https://wordpress.org/plugins/easy-google-fonts/
    + vuln found:
    :--|- XSS into admin session


  * cta [PLUGIN]
    + url: https://wordpress.org/plugins/cta/
    + vuln found:
    :--|- CSRF & persistent XSS attack into admin session, and site-wide for visitors


  * constant-contact-api [PLUGIN]
    + url: https://wordpress.org/plugins/constant-contact-api/
    + vuln found:
    :--|- XSS x 2


  * zerif-lite [THEME]
    + url: https://wordpress.org/themes/zerif-lite/
    + vuln found:
    :--|- XSS


  * colorway [THEME]
    + url: https://wordpress.org/themes/colorway/
    + vuln found:
    :--|- e-mail header injection (spam sandwich)
    :
    :--|- XSS x 3


  * charitas-lite [THEME]
    + url: https://wordpress.org/themes/charitas-lite/
    + vuln found:
    :--|- e-mail header injection (spam sandwich)


  * ariwoo [THEME]
    + url: https://wordpress.org/themes/ariwoo/
    + vuln found:
    :--|- e-mail header injection (spam sandwich)
    :
    :--|- XSS x 3


  * kage-green [THEME]
    + url: https://wordpress.org/themes/kage-green/
    + vuln found:
    :--|- XSS


  * intuition [THEME]
    + url: https://wordpress.org/themes/intuition/
    + vuln found:
    :--|- XSS


  * imag-mag [THEME]
    + url: https://wordpress.org/themes/imag-mag/
    + vuln found:
    :--|- XSS


  * fastnews-light [THEME]
    + url: https://wordpress.org/themes/fastnews-light/
    + vuln found:
    :--|- XSS


  * business-directory [THEME]
    + url: https://wordpress.org/themes/business-directory/
    + vuln found:
    :--|- XSS


  * boot-store [THEME]
    + url: https://wordpress.org/themes/boot-store/
    + deps: TheCartPress (https://wordpress.org/plugins/thecartpress/)
    + note: theme must be present, plugin must be present, user must not be logged in.
    + vuln found:
    :--|- XSS
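
The "e-mail header injection (spam sandwich)" listed above for wp-mobile-edition, colorway, charitas-lite and ariwoo is, generically, a contact-form handler that pastes user-supplied fields straight into mail headers, so a CR/LF in a field appends headers of the attacker's choosing (typically Bcc: lines that turn the site into a spam relay). The block below is an added example illustrating that class; it is not code from this post and is not based on the source of any plugin or theme named here. The form fields, the tiny header parser and the attacker payload are constructed for illustration.

```python
"""Mail header injection ("spam sandwich") in a contact-form handler.

Constructed example: a form takes a sender address and a subject and
concatenates them into SMTP-style headers. A CR/LF in either field lets
the attacker append arbitrary headers (Bcc:, extra To:) that the mail
transport will honour. The hardened builder rejects any CR, LF or NUL
before the value reaches a header line.
"""
from typing import Dict, List


def build_headers_vulnerable(from_addr: str, subject: str) -> str:
    """Naive header assembly: user input is pasted straight into headers."""
    return (
        f"From: {from_addr}\r\n"
        f"Subject: {subject}\r\n"
        "Content-Type: text/plain; charset=utf-8\r\n"
    )


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Minimal header parser (no folding support), just enough to show
    which headers a mail transport would actually see."""
    headers: Dict[str, List[str]] = {}
    for line in raw.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


class HeaderInjection(ValueError):
    """Raised when a header value contains a line-breaking character."""


def clean_header_value(value: str) -> str:
    """Reject CR, LF and NUL: these are the characters that let a value
    escape its own header line. Rejecting (rather than stripping) keeps
    the failure visible to the caller."""
    if any(ch in value for ch in "\r\n\0"):
        raise HeaderInjection(f"control character in header value: {value!r}")
    return value


def build_headers_safe(from_addr: str, subject: str) -> str:
    """Same layout as the vulnerable builder, but every user-controlled
    value is validated first."""
    return build_headers_vulnerable(
        clean_header_value(from_addr), clean_header_value(subject)
    )


# Constructed attacker payload: a "sender address" that smuggles a Bcc line.
PAYLOAD_FROM = "attacker@example.com\r\nBcc: victim1@example.net, victim2@example.net"


def demo():
    """Returns (headers the vulnerable path emits, whether the safe path blocked it)."""
    vuln = parse_headers(build_headers_vulnerable(PAYLOAD_FROM, "hello"))
    try:
        build_headers_safe(PAYLOAD_FROM, "hello")
        blocked = False
    except HeaderInjection:
        blocked = True
    return vuln, blocked


if __name__ == "__main__":
    headers, blocked = demo()
    print("vulnerable path emitted Bcc:", headers.get("bcc"))
    print("hardened path rejected payload:", blocked)
```

In PHP the usual sink is the `$additional_headers` argument of `mail()`, which is exactly where a contact form's "From:" or "Reply-To:" line ends up; the check above maps onto that argument directly. The note in the post that the handler "will throw fatal error, but will send e-mail before doing so" is why a server-side error after the `mail()` call is no protection: the message has already left the box.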

