The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WordPress Plugins ~ not comprehensive

computer vulnerability note CVE-2018-9020

WordPress Events Manager: Cross Site Scripting via mapTitle

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via mapTitle in WordPress Events Manager, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 26/03/2018.
Identifiers: CVE-2018-9020, VIGILANCE-VUL-25649.

Description of the vulnerability

The Events Manager plugin can be installed on WordPress.

However, it does not filter data received via mapTitle before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via mapTitle in WordPress Events Manager, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2018-7543

WordPress Duplicator: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Duplicator, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 16/03/2018.
Identifiers: CVE-2018-7543, VIGILANCE-VUL-25572.

Description of the vulnerability

The Duplicator plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress Duplicator, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2018-8729

WordPress Activity Log: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Activity Log, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 16/03/2018.
Identifiers: CVE-2018-8729, VIGILANCE-VUL-25569.

Description of the vulnerability

The Activity Log plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress Activity Log, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2018-1000131

WordPress WP Support Plus Responsive Ticket System: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in WordPress WP Support Plus Responsive Ticket System, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 15/03/2018.
Identifiers: CVE-2018-1000131, VIGILANCE-VUL-25562.

Description of the vulnerability

The WordPress WP Support Plus Responsive Ticket System product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in WordPress WP Support Plus Responsive Ticket System, in order to read or alter data.

vulnerability CVE-2018-0547

WordPress Import any XML or CSV File to WordPress: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Import any XML or CSV File to WordPress, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 08/03/2018.
Identifiers: CVE-2018-0547, JVN#60032768, VIGILANCE-VUL-25500.

Description of the vulnerability

The Import any XML or CSV File to WordPress plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress Import any XML or CSV File to WordPress, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2018-0546

WordPress Import any XML or CSV File to WordPress: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Import any XML or CSV File to WordPress, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 08/03/2018.
Identifiers: CVE-2018-0546, JVN#33527174, VIGILANCE-VUL-25499.

Description of the vulnerability

The Import any XML or CSV File to WordPress plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress Import any XML or CSV File to WordPress, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 25137

WordPress BuddyBoss Media: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress BuddyBoss Media, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 22/01/2018.
Identifiers: VIGILANCE-VUL-25137.

Description of the vulnerability

The BuddyBoss Media plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress BuddyBoss Media, in order to run JavaScript code in the context of the web site.

vulnerability 25100

WordPress YITH WooCommerce Wishlist: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in WordPress YITH WooCommerce Wishlist, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 17/01/2018.
Identifiers: VIGILANCE-VUL-25100.

Description of the vulnerability

The WordPress YITH WooCommerce Wishlist product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in WordPress YITH WooCommerce Wishlist, in order to read or alter data.

vulnerability alert CVE-2017-18032

WordPress Download Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Download Manager, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 17/01/2018.
Identifiers: CVE-2017-18032, dxw-2017-3114, VIGILANCE-VUL-25091.

Description of the vulnerability

The Download Manager plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress Download Manager, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2018-5373

WordPress Smooth Slider: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in WordPress Smooth Slider, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Creation date: 10/01/2018.
Identifiers: CVE-2018-5373, DC-2018-01-004, VIGILANCE-VUL-25002.

Description of the vulnerability

The WordPress Smooth Slider product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in WordPress Smooth Slider, in order to read or alter data.