Lucene search
SiddikiH1:117080HistoryFeb 18, 2016 - 3:27 a.m.
Uber: Multiple Vulnerabilities (Including SQLi) in love.uber.com
2016-02-1803:27:31
siddiki
hackerone.com
$250
80
0.008 Low
EPSS
Percentile
82.0%
Hi,
I noticed you are using a critically vulnerable version of WMPL.
By accessing http://love.uber.com/wp-content/plugins/sitepress-multilingual-cms/changelog.md,
Attacker could find out http://love.uber.com/ is running WMPL version 3.1.8.4
######Which is Vulnerable to,
- SQL injection which gives full access to the WordPress database.
- Page, post and menu deletion by an unauthenticated attacker
- Unauthenticated administrative functions which may lead to RCE (remote code execution)
- Cross Site Scripting (XSS)
###SOURCES:
- https://klikki.fi/adv/wpml.html
- https://vulners.com/cve/CVE-2015-2791
- https://www.exploit-db.com/exploits/36414/
- http://darkmatters.norsecorp.com/2015/03/16/four-wordpress-wpml-plugin-vulnerabilities-impact-400000-websites/
###FIX:
According to Official WPML Security update,
System administrators should update to at-least version 3.1.9 which was released on march 11th, 2015 to resolve these issues.
looking forward!
Related
nvd
nvd
CVE-2015-2791
2015-03-30 14:59:11
patchstack
patchstack
WordPress WPML Plugin <= 3.1.8 - SQL Injection #1
2015-03-30 00:00:00
cvelist
cvelist
CVE-2015-2791
2015-03-30 14:00:00
cve
cve
CVE-2015-2791
2015-03-30 14:59:11
prion
prion
Design/Logic Flaw
2015-03-30 14:59:00
wpvulndb
wpvulndb
WPML <= 3.1.7.2 - Multiple Vulnerabilities (Including SQLi)
2015-03-12 00:00:00
kaspersky
kaspersky
KLA10491 Multiple vulnerabilities in WordPress plugins
2015-03-17 00:00:00