More vulnerabilities in poorly coded plugins for y'all. Ninja Forms v2.77 - Authorization bypass (regular users can delete forms, etc) Contact Form v3.83 - Email header injection WP to Twitter v2.9.3 - Authorization bypass (regular users can tweet to the admin's twitter account) Xhanch - My Twitter v2.7.7 - CSRF (create and delete tweets) TinyMCE Advanced v4.1 - (insignificant) CSRF W3 Total Cache v0.9.4 - (minor) CSRF WordPress Download Manager v2.6.92 - Authorization bypass (regular users can upload/delete arbitrary files, yes, even php files) Wordfence Security v5.2.2 - Stored XSS
Details and POCs located: https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/ More to follow. -Voxel@Night _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
