WordPress Plugin Vulnerabilities

GigPress <= 2.3.10 - Authenticated XSS & Blind SQLi

Description

The GigPress WordPress plugin was affected by an Authenticated XSS & Blind SQLi security vulnerability.

Affects Plugins

Plugin icon
gigpress
Fixed in 2.3.11

References

CVE
CVE-2015-9353
CVE
CVE-2015-9354
URL
http://cinu.pl/research/wp-plugins/mail_2594b7297dc90ae511370bb8f1eaa82e.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
65efe3ac-b3ce-4cde-9587-08954bbf80b1

Timeline

Publicly Published
2015-08-24 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
wp-cleanfix - Remote Comm& Execution, CSRF & XSS
Published
2017-05-11
Title
Tracking Code Manager < 1.11.4 - Authenticated XSS, CSRF & DoS
Published
2015-02-04
Title
Pixabay Images <= 2.3 - Multiple Vulnerabilities (RCE, XSS, ...)
Published
2014-08-01
Title
RokMicroNews <= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities
Published
2016-11-17
Title
Relevanssi Premium < 1.14.6.1 - SQL Injection & PHP Object Injection