EUVD-2010-4371

Malware in sbrugna...

EUVD-2010-4372

Malware in sbrugna...

CVE-2010-4403

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to 1 dashwidget.php and 2 register-plus.php, which reveals the installation path in an error message...

Information disclosure

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to 1 dashwidget.php and 2 register-plus.php, which reveals the installation path in an error message...

CVE-2010-4403

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to 1 dashwidget.php and 2 register-plus.php, which reveals the installation path in an error message...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 firstname, 2 lastname, 3 website, 4 aim, 5 yahoo, 6 jabber, 7 about, 8 pass1, and 9 pass2 parameter...

CVE-2010-4402

Multiple cross-site scripting XSS vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 firstname, 2 lastname, 3 website, 4 aim, 5 yahoo, 6 jabber, 7 about, 8 pass1, and 9 pass2 parameter...

CVE-2010-4402

The CVE refers to WordPress Register Plus Plugin before or at version 3.5.1, where wp-login.php exposes multiple XSS flaws. The root cause is unsanitized/reflective input in the register action, enabling remote attackers to inject arbitrary script or HTML via the 9 parameters: firstname, lastname...

CVE-2010-4403

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to 1 dashwidget.php and 2 register-plus.php, which reveals the installation path in an error message...

WordPress Register Plus Plugin <= 3.5.1 - Multiple XSS

Because of these vulnerabilities in wp-login.php, the attackers can inject arbitrary web script or HTML via the "website", "aim", "yahoo", "jabber", "firstname", "lastname", "about", "pass1", and "pass2" parameters in a register action. Solution Update the plugin...

WordPress Register Plus Plugin <= 3.5.1 - Multiple Vulnerabilities

Because of these vulnerabilities, the attackers can obtain sensitive information via a direct request to dashwidget.php and register-plus.php. Solution Update the plugin...

Vulnerabilities in Register Plus for WordPress

Hello Bugtraq! I want to warn you about Cross-Site Scripting, Insufficient Anti-automation and Full path disclosure vulnerabilities in plugin Register Plus for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are versions of plugin Register Plus 3.5.1 a...