
Wechat Broadcast Plugin up to 1.2.0 on WordPress Image.php url directory traversal


Exploits | Direct link: vuldb.com

A vulnerability was found in Wechat Broadcast Plugin up to 1.2.0 on WordPress (WordPress Plugin). It has been rated as critical. This issue affects an unknown functionality of the file Image.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product...

Open the external website with the full content: https://vuldb.com/?id.124433


➤ More posts from Team Security | IT Security

  • Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes

    Update makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. This vulnerabi
  • A way to create a stored XSS to inject Javascript into style tags

    Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Issues related to referrer validation in the admin

    Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Prevent unauthenticated views of publicly queryable content types

    The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • A server-side request forgery in the way that URLs were validated

    HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Escape file name for wp_ajax_upload_attachment to prevent XSS

    Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.
  • Improve comment content filtering

    With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
  • Object injection in metadata by contributors

    Contributors could craft meta data in a way that could result in PHP object injection. Part of security release 5.0.1 This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • Possible indexed activation screen could lead to exposure of sensitive information

    The user activation screen could be indexed by search engines in some uncommon configurations which could lead to exposure of email addresses, and in some rare cases, default generated passwords. Part of security release 5.0.1 This vulnerability aff
  • Bypass MIME verification by specifically crafted files

    Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability. Part of security release 5.0.1 This vulnerability affects the following application versions: Wo
  • Ability to create unauthorized post types

    Authors could create posts of unauthorized post types with specially crafted input. Part of security release 5.0.1 This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • Use the correct escaping function when outputting the meta box context to prevent XSS

    Official description: Use the correct escaping function when outputting the meta box context. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
