1. Reverse Engineering >
  2. Exploits >
  3. total-security Plugin up to 3.4.0 on WordPress Settings privilege escalation

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

total-security Plugin up to 3.4.0 on WordPress Settings privilege escalation


Exploits vom | Direktlink: vuldb.com Nachrichten Bewertung

A vulnerability classified as problematic has been found in total-security Plugin up to 3.4.0 on WordPress (WordPress Plugin). Affected is an unknown part of the component Settings Handler. Upgrading to version 3.4.1 eliminates this vulnerability....
https://vuldb.com/?id.140472

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

Ensure latest comments can only be viewed from public posts

vom 1393.86 Punkte ic_school_black_18dp
Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Add a new filter to extend set-screen-option

vom 1351.34 Punkte ic_school_black_18dp
Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Prevent HTML decoding on by setting the proper editor context

vom 1345.8 Punkte ic_school_black_18dp
XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Ensure that wp_validate_redirect() sanitizes a wider variety of characters

vom 1345.8 Punkte ic_school_black_18dp
Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes

vom 1220.09 Punkte ic_school_black_18dp
Update makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. This vulnerabi

Authenticated XSS issue via theme uploads

vom 1212.7 Punkte ic_school_black_18dp
Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2

Issues related to referrer validation in the admin

vom 1149.85 Punkte ic_school_black_18dp
Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

A way to create a stored XSS to inject Javascript into style tags

vom 1146.15 Punkte ic_school_black_18dp
Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Prevent unauthenticated views of publicly queryables content types

vom 1146.15 Punkte ic_school_black_18dp
The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

A server-side request forgery in the way that URLs were validated

vom 1146.15 Punkte ic_school_black_18dp
HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Escape file name for wp_ajax_upload_attachment to prevent XSS

vom 1086.99 Punkte ic_school_black_18dp
Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

Improve comment content filtering

vom 1016.74 Punkte ic_school_black_18dp
With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Team Security Diskussion über total-security Plugin up to 3.4.0 on WordPress Settings privilege escalation