WordPress Plugin Vulnerabilities

Tracking Code Manager < 1.11.4 - Authenticated XSS, CSRF & DoS

Description

The Tracking Code Manager WordPress plugin was affected by an Authenticated XSS, CSRF & DoS security vulnerability.

Affects Plugins

Plugin icon
tracking-code-manager
Fixed in 1.11.4

References

URL
https://www.defensecode.com/advisories/DC-2017-01-020_WordPress_Tracking_Code_Manager_Plugin_Advisory.pdf
URL
https://seclists.org/bugtraq/2017/May/30
URL
https://plugins.trac.wordpress.org/changeset/1729503/tracking-code-manager
URL
https://plugins.trac.wordpress.org/changeset/1725018/tracking-code-manager
URL
https://plugins.trac.wordpress.org/changeset/1723651/tracking-code-manager

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e94b5f47-249d-41cc-9753-d6fc55e31f67

Timeline

Publicly Published
2017-05-11 (about 9 years ago)
Added
2017-05-12 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
Flexi Quote Rotator - Cross-Site Request Forgery & SQL Injection Vulnerabilities
Published
2019-05-06
Title
W3 Total Cache < 0.9.7.4 - Blind SSRF and RCE via phar
Published
2021-07-12
Title
Frontend File Manager < 18.3 - Authenticated Arbitrary Settings Change to Arbitrary File Upload
Published
2020-02-24
Title
Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy
Published
2014-08-01
Title
Multiple vulnerabilities in Chocolate WP theme for WordPress