WordPress Plugin Wordfence Security – Multiple Vulnerabilities

  • 作者: Voxel@Night
    日期: 2014-09-14
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/39317/
  • source: https://www.securityfocus.com/bid/69815/info
    
    The Wordfence Security Plugin for WordPress is prone to following vulnerabilities:
    
    1. Multiple HTML-Injection vulnerabilities
    2. Multiple Security Bypass vulnerabilities
    
    Successful exploits of these issues allow the attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user, or to bypass security mechanisms.
    
    Wordfence Security Plugin 5.2.3 is vulnerable; other versions may also be affected 
    
    http://www.example.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php