The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WordPress Plugins ~ not comprehensive

computer vulnerability announce CVE-2018-17946

WordPress Tribulant Slideshow Gallery: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Tribulant Slideshow Gallery, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 04/10/2018.
Identifiers: CVE-2018-17946, DC-2017-01-014, VIGILANCE-VUL-27417.

Description of the vulnerability

The Tribulant Slideshow Gallery plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Tribulant Slideshow Gallery, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2018-17140

WordPress Quizlord: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Quizlord, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 18/09/2018.
Identifiers: CVE-2018-17140, VIGILANCE-VUL-27253.

Description of the vulnerability

The Quizlord plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Quizlord, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2018-17138

WordPress Jibu Pro: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Jibu Pro, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 18/09/2018.
Identifiers: CVE-2018-17138, VIGILANCE-VUL-27252.

Description of the vulnerability

The Jibu Pro plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Jibu Pro, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2018-17074

WordPress Feed Statistics: open redirect

Synthesis of the vulnerability

An attacker can deceive a user of WordPress Feed Statistics, in order to redirect them to a malicious site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 1/4.
Creation date: 17/09/2018.
Identifiers: CVE-2018-17074, VIGILANCE-VUL-27242.

Description of the vulnerability

The Feed Statistics plugin can be installed on WordPress.

However, the web service redirects the victim, with no warning, to an external site indicated by the attacker.

An attacker can therefore deceive a user of WordPress Feed Statistics, in order to redirect them to a malicious site.

vulnerability note CVE-2018-16363

WordPress File Manager: Cross Site Scripting via Storage

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Storage of WordPress File Manager, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 10/09/2018.
Identifiers: CVE-2018-16363, VIGILANCE-VUL-27184.

Description of the vulnerability

The File Manager plugin can be installed on WordPress.

However, it does not filter data received via Storage before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Storage of WordPress File Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-16285

WordPress UserPro: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress UserPro, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 07/09/2018.
Identifiers: CVE-2018-16285, VIGILANCE-VUL-27178.

Description of the vulnerability

The UserPro plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress UserPro, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2018-16159

WordPress Gift Voucher: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of WordPress Gift Voucher, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 31/08/2018.
Identifiers: CVE-2018-16159, VIGILANCE-VUL-27120.

Description of the vulnerability

The WordPress Gift Voucher product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection of WordPress Gift Voucher, in order to read or alter data.

computer vulnerability note CVE-2018-14430

WordPress Mondula Multi Step Form: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Mondula Multi Step Form, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 26/07/2018.
Identifiers: CVE-2018-14430, VIGILANCE-VUL-26849.

Description of the vulnerability

The Mondula Multi Step Form plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Mondula Multi Step Form, in order to run JavaScript code in the context of the web site.

computer vulnerability 26845

WordPress Gwolle Guestbook: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Gwolle Guestbook, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 25/07/2018.
Identifiers: DC-2018-05-008, VIGILANCE-VUL-26845.

Description of the vulnerability

The Gwolle Guestbook plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Gwolle Guestbook, in order to run JavaScript code in the context of the web site.

vulnerability note 26844

WordPress Strong Testimonials: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of WordPress Strong Testimonials, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 25/07/2018.
Identifiers: DC-2018-05-007, VIGILANCE-VUL-26844.

Description of the vulnerability

The Strong Testimonials plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Strong Testimonials, in order to run JavaScript code in the context of the web site.