The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WordPress Plugins ~ not comprehensive

computer vulnerability CVE-2018-10969

WordPress Pie Register: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Pie Register, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: CVE-2018-10969, VIGILANCE-VUL-26435.

Description of the vulnerability

The Pie Register plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Pie Register, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-1000505

WordPress Tooltipy: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of WordPress Tooltipy, in order to force the victim to perform operations.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-1000505, VIGILANCE-VUL-26406.

Description of the vulnerability

The Tooltipy plugin can be installed on WordPress.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of WordPress Tooltipy, in order to force the victim to perform operations.

computer vulnerability 26405

WordPress Tooltipy: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Tooltipy, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: VIGILANCE-VUL-26405.

Description of the vulnerability

The Tooltipy plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Tooltipy, in order to run JavaScript code in the context of the web site.

vulnerability note 26394

WordPress WP Google Map Plugin: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of WordPress WP Google Map Plugin, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: DC-2018-05-002, VIGILANCE-VUL-26394.

Description of the vulnerability

The WordPress WP Google Map Plugin product uses a database.

However, user-supplied data are inserted directly into a SQL query.

An attacker can therefore use a SQL injection of WordPress WP Google Map Plugin, in order to read or alter data.

computer vulnerability alert CVE-2018-11709

WordPress wpForo Forum: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress wpForo Forum, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 05/06/2018.
Identifiers: CVE-2018-11709, VIGILANCE-VUL-26316.

Description of the vulnerability

The wpForo Forum plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress wpForo Forum, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-11485

WordPress WooCommerce Quick Reports: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress WooCommerce Quick Reports, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 04/06/2018.
Identifiers: CVE-2018-11485, VIGILANCE-VUL-26307.

Description of the vulnerability

The WooCommerce Quick Reports plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress WooCommerce Quick Reports, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-11486

WordPress Advance Search for WooCommerce: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Advance Search for WooCommerce, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 04/06/2018.
Identifiers: CVE-2018-11486, VIGILANCE-VUL-26306.

Description of the vulnerability

The Advance Search for WooCommerce plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Advance Search for WooCommerce, in order to run JavaScript code in the context of the web site.

vulnerability note 26294

WordPress WooCommerce Checkout For Digital Goods: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of WordPress WooCommerce Checkout For Digital Goods, in order to force the victim to perform operations.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 01/06/2018.
Identifiers: VIGILANCE-VUL-26294.

Description of the vulnerability

The WooCommerce Checkout For Digital Goods plugin can be installed on WordPress.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of WordPress WooCommerce Checkout For Digital Goods, in order to force the victim to perform operations.

vulnerability bulletin 26293

WordPress Add Social Share Messenger Buttons Whatsapp and Viber: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of WordPress Add Social Share Messenger Buttons Whatsapp and Viber, in order to force the victim to perform operations.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 01/06/2018.
Identifiers: VIGILANCE-VUL-26293.

Description of the vulnerability

The Add Social Share Messenger Buttons Whatsapp and Viber plugin can be installed on WordPress.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of WordPress Add Social Share Messenger Buttons Whatsapp and Viber, in order to force the victim to perform operations.

vulnerability bulletin CVE-2018-11580

WordPress Mass Pages/Posts Creator: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Mass Pages/Posts Creator, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 31/05/2018.
Identifiers: CVE-2018-11580, VIGILANCE-VUL-26273.

Description of the vulnerability

The Mass Pages/Posts Creator plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Mass Pages/Posts Creator, in order to run JavaScript code in the context of the web site.