
simple-file-list Plugin up to 4.2.7 on WordPress path traversal


Exploits | Direct link: vuldb.com

A vulnerability, which was classified as critical, was found in simple-file-list Plugin up to 4.2.7 on WordPress (WordPress Plugin). This affects some unknown functionality. Upgrading to version 4.2.8 eliminates this vulnerability....
https://vuldb.com/?id.155199
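The vuldb entry above does not say which function is affected, so the following is an added illustration of the vulnerability class (a file-download handler that joins a client-supplied name onto a base folder), not the simple-file-list plugin's own code; the handler shape, folder names and sample files are constructed for the example. It contrasts the naive join with a resolver that checks containment only after percent-decoding, `..` normalisation and symlink resolution:

```python
import os
import tempfile
from typing import Dict, Optional, Tuple
from urllib.parse import unquote

# Added illustration of the path traversal class in a file-download handler.
# This is NOT the simple-file-list plugin's code; the handler shape is assumed.


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """Trusts the client-supplied name: '../' and absolute paths escape base_dir."""
    return os.path.join(base_dir, unquote(requested))


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Resolve requested under base_dir; return None if the real path escapes it.

    The containment check runs on the fully resolved path (after percent-decoding,
    after '..' normalisation, after symlink resolution), so encoding tricks and
    symlinks pointing out of base_dir are all caught by the same comparison.
    """
    base_real = os.path.realpath(base_dir)
    name = unquote(requested)
    if "\x00" in name:  # NUL truncates paths in C-based filesystem APIs
        return None
    candidate = os.path.realpath(os.path.join(base_real, name))
    try:
        inside = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Build a constructed upload tree and probe both resolvers.

    Returns {label: (vulnerable_handler_leaks_config, safe_handler_allows)}.
    """
    results: Dict[str, Tuple[bool, bool]] = {}
    with tempfile.TemporaryDirectory() as root:
        files = os.path.join(root, "files")  # the assumed file-list folder
        os.mkdir(files)
        with open(os.path.join(files, "readme.txt"), "w") as f:
            f.write("public")
        config = os.path.join(root, "wp-config.php")  # sibling secret outside 'files'
        with open(config, "w") as f:
            f.write("secret")

        probes = {
            "plain": "readme.txt",
            "dotdot": "../wp-config.php",
            "encoded": "%2e%2e%2fwp-config.php",
            "absolute": config,
        }
        for label, req in probes.items():
            leaked = False
            target = vulnerable_resolve(files, req)
            if os.path.isfile(target):
                with open(target) as f:
                    leaked = f.read() == "secret"
            results[label] = (leaked, safe_resolve(files, req) is not None)
    return results


if __name__ == "__main__":
    for label, (leaked, allowed) in demo().items():
        print(f"{label:9} vulnerable leaks config: {leaked!s:5} safe allows: {allowed}")
```

The design point is that rejecting `..` substrings or decoding once is not the check; the check is the comparison of the resolved candidate against the resolved base, which also refuses a symlink inside the folder that points outside it. Use the resolved `candidate` for the actual `open()`, never the original `requested` string.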


➤ More posts from Team Security | IT Security

Ensure latest comments can only be viewed from public posts

1340.5 points
Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Add a new filter to extend set-screen-option

1294.27 points
Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Prevent HTML decoding on by setting the proper editor context

1294.27 points
XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Ensure that wp_validate_redirect() sanitizes a wider variety of characters

1294.27 points
Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes

1173.38 points
Update makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. This vulnerabi
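The bypass described above (an HTML5 named entity such as `&colon;` standing in for the literal `:`) is easy to reproduce with a check that inspects the raw attribute text. The following is an added, simplified illustration and is not WordPress's `wp_kses_bad_protocol()`; the protocol allow-list, the decode-until-stable loop and the control-character stripping are assumptions made for the example:

```python
import html
import re

# Added illustration of the entity-decoding bypass. This is a simplified
# stand-in, not WordPress's wp_kses_bad_protocol(); the allow-list is assumed.
ALLOWED_PROTOCOLS = {"http", "https", "mailto", "ftp"}

_CTRL_WS = re.compile(r"[\x00-\x20\x7f]")


def _scheme_of(text: str):
    """Return the scheme before the first ':' (lower-cased), or None if there is none."""
    if ":" not in text:
        return None
    return text.split(":", 1)[0].lower()


def naive_is_allowed(attr: str) -> bool:
    """Check the scheme on the raw attribute text.

    'javascript&colon;alert(1)' contains no literal ':' so it looks protocol-less
    and is accepted, yet the browser decodes &colon; when it parses the attribute.
    """
    scheme = _scheme_of(attr)
    return scheme is None or scheme in ALLOWED_PROTOCOLS


def fully_unescape(attr: str, rounds: int = 5) -> str:
    """Decode numeric and named entities (HTML5 set, so &colon; is included) until
    the text stops changing, which also catches double-encoded forms like &amp;colon;."""
    for _ in range(rounds):
        decoded = html.unescape(attr)
        if decoded == attr:
            return decoded
        attr = decoded
    return attr


def hardened_is_allowed(attr: str) -> bool:
    """Decode entities first, drop control/whitespace characters that browsers
    ignore inside a scheme (e.g. 'jav\\tascript:'), then check the scheme."""
    compact = _CTRL_WS.sub("", fully_unescape(attr))
    scheme = _scheme_of(compact)
    return scheme is None or scheme in ALLOWED_PROTOCOLS


if __name__ == "__main__":
    for sample in ("https://example.com/", "javascript:alert(1)",
                   "javascript&colon;alert(1)", "jav&#x09;ascript:alert(1)"):
        print(f"{sample!r:32} naive={naive_is_allowed(sample)!s:5} "
              f"hardened={hardened_is_allowed(sample)}")
```

The practitioner's takeaway is that a URI-scheme check must run on the text the browser will see, i.e. after every decoding step the browser performs, and the decode loop has to run until the input stops changing, otherwise a second layer of encoding slips through a single-pass decoder.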

Authenticated XSS issue via theme uploads

1166.27 points
Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2

Issues related to referrer validation in the admin

1105.82 points
Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

A way to create a stored XSS to inject Javascript into style tags

1103.92 points
Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Prevent unauthenticated views of publicly queryables content types

1102.27 points
The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

A server-side request forgery in the way that URLs were validated

1102.27 points
HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Escape file name for wp_ajax_upload_attachment to prevent XSS

1047.03 points
Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

Improve comment content filtering

977.82 points
With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
