EUVD-2015-6765

Malware in sbrugna...

WordPress SecureMoz Security Audit Plugin Has Unspecified Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blogging sites on servers running PHP and MySQL.SecureMoz Security Audit is one of the security audits which provides more than 27 ways to protect...

Design/Logic Flaw

The tweetinfo function in class/functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by...

CVE-2015-6828

The tweetinfo function in class/functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by...

WordPress SecureMoz Security Audit Plugin <= 1.0.5 - PHP Object Injection

The tweetinfo function in class/functions.php does not use an HTTPS session for downloading serialized data. In that way an attacker can execute arbitrary PHP code by modifying the client-server data stream. Solution Update the plugin...