Vulnerability definition feed

Prevent author impersonation in creating new post

Wed, 04 Mar 2015 16:53:19 GMT

Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6

Privilege escalation in deactivating plugins

Wed, 04 Mar 2015 16:53:19 GMT

wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.

http://www.cvedetails.com/cve/CVE-2012-2402/

http://core.trac.wordpress.org/changeset/20526/branches/3.3

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1

[CVE-2014-5019] Denial of service with malicious HTTP Host header

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's multisite feature dynamically determines which configuration file to use based on the HTTP Host header. The HTTP Host header validation did not sufficiently check maliciously-crafted header values, thereby exposing a denial of service vulnerability. This vulnerability also affected sites that didn't actually use the multisite feature.

Part of security release SA-CORE-2014-003

This vulnerability affects the following application versions:

Drupal 5.13
Drupal 5.14
Drupal 5.15
Drupal 5.16
Drupal 5.17
Drupal 5.18
Drupal 5.19
Drupal 5.20
Drupal 5.21
Drupal 5.22
Drupal 5.23
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28

Network plugins only through the network admin

Wed, 04 Mar 2015 16:53:19 GMT

Only allow operations on network plugins through the network admin.

http://core.trac.wordpress.org/ticket/21187

This vulnerability affects the following application versions:

WordPress 3.4
WordPress 3.4.1

com_mailto Spam

Wed, 04 Mar 2015 16:53:19 GMT

The mailto component had not verified validity of the URL prior to sending.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6

[20080801] - Password Remind Functionality

Wed, 04 Mar 2015 16:53:19 GMT

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note, that changing the first users username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file).

Part of security release: 1.5.6

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5

UTF-7 UTF-8 XSS in title

Wed, 04 Mar 2015 16:53:19 GMT

When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input.

Certain byte sequences that are valid in the UTF-8 specification are potentially dangerous when interpreted as UTF-7. Internet Explorer 6 and 7 may decode these characters as UTF-7 if they appear before the tag that specifies the page content as UTF-8, despite the fact that Drupal also sends a real HTTP header specifying the content as UTF-8. This behaviour enables malicious users to insert and execute Javascript in the context of the website if site visitors are allowed to post content.

https://drupal.org/node/449078

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11

Password change vulnerability through RNG predictability

Wed, 04 Mar 2015 16:53:19 GMT

Weak random number generation during password reset leads to possibility of changing a user's password.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24

[CVE-2014-5019] Denial of service with malicious HTTP Host header

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's multisite feature dynamically determines which configuration file to use based on the HTTP Host header. The HTTP Host header validation does not sufficiently check maliciously-crafted header values. An attacker could cause Drupal to include and execute specifically named files outside of its root directory.

Part of security release SA-CORE-2014-003

This vulnerability affects the following application versions:

Drupal 5.0
Drupal 5.1
Drupal 5.2
Drupal 5.3
Drupal 5.4
Drupal 5.5
Drupal 5.6
Drupal 5.7
Drupal 5.8
Drupal 5.9
Drupal 5.10
Drupal 5.11
Drupal 5.12
Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6

Denial of Service in XML-RPC processing

Wed, 04 Mar 2015 16:53:19 GMT

The XML processing of XML-RPC requests is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.9
WordPress 3.9.1

[20130201] Highlight plugin allowing code injection

Wed, 04 Mar 2015 16:53:19 GMT

Method of encoding search terms had led to possible information disclosure.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2

plg_xstandard directory traversal

Wed, 04 Mar 2015 16:53:19 GMT

A crafted request had caused disclosure of the directory structure on the server (including any directory that php has access to).

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8

[CVE-2014-5266 + CVE-2014-5267] Denial of Service in OpenID module

Wed, 04 Mar 2015 16:53:19 GMT

Drupal includes an OpenID module which is publicly available. The PHP XML parser used by this endpoint was vulnerable to an XML entity expansion attack and other related XML payload attacks which could cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service). This vulnerability only affected sites that have the OpenID module enabled.

Part of security release SA-CORE-2014-004

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30

[CVE-2014-5265] Denial of Service in XML-RPC module

Wed, 04 Mar 2015 16:53:19 GMT

Drupal includes an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint was vulnerable to an XML entity expansion attack and other related XML payload attacks which could cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).

All Drupal sites were vulnerable to this attack whether XML-RPC is used or not.

Part of security release SA-CORE-2014-004

This vulnerability affects the following application versions:

Drupal 5.0
Drupal 5.1
Drupal 5.2
Drupal 5.3
Drupal 5.4
Drupal 5.5
Drupal 5.6
Drupal 5.7
Drupal 5.8
Drupal 5.9
Drupal 5.10
Drupal 5.11
Drupal 5.12
Drupal 5.13
Drupal 5.14
Drupal 5.15
Drupal 5.16
Drupal 5.17
Drupal 5.18
Drupal 5.19
Drupal 5.20
Drupal 5.21
Drupal 5.22
Drupal 5.23
Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30

XML entity attack in GetID3 module

Wed, 04 Mar 2015 16:53:19 GMT

Information disclosure was possible via XML entity attacks in the external GetID3 library.

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.9
WordPress 3.9.1

XSS in making URLs clickable

Wed, 04 Mar 2015 16:53:19 GMT

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

http://www.cvedetails.com/cve/CVE-2011-4957/

http://core.trac.wordpress.org/changeset/20493/branches/3.3

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1

Formatting url_cleaning

Wed, 04 Mar 2015 16:53:19 GMT

Checking of bad protocols was not normalized.

http://core.trac.wordpress.org/changeset/17172/branches/3.0/wp-includes/formatting.php

This vulnerability affects the following application versions:

WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3

Code execution when processing widgets

Wed, 04 Mar 2015 16:53:19 GMT

Fixes a possible but unlikely code execution when processing widgets.

This vulnerability affects the following application versions:

WordPress 3.9
WordPress 3.9.1

OpenID authentication bypass

Wed, 04 Mar 2015 16:53:19 GMT

The OpenID module didn't implement all the required verifications from the OpenID 2.0 protocol and was vulnerable to a number of attacks.

Specifically:
- OpenID should verify that a "openid.response_nonce" had not already been used for an assertion by the OpenID provider
- OpenID should verify the value of openid.return_to as obtained from the OpenID provider
- OpenID must verify that all fields that were required to be signed were signed

These specification violations allowed malicious sites to harvest positive assertions from OpenID providers and used them on sites using the OpenID module to obtain access to preexisting accounts bound to the harvested OpenIDs. Intercepted assertions from OpenID providers could also be replayed and used to obtain access to user accounts bound to the intercepted OpenIDs.

Part of security release SA-CORE-2010-002

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17

Cross-site scripting Form API optgroups

Wed, 04 Mar 2015 16:53:19 GMT

A cross-site scripting vulnerability was found due to Drupal's form API failing to sanitize option group labels in select elements.

https://www.drupal.org/SA-CORE-2014-003

This vulnerability affects the following application versions:

Drupal 5.0
Drupal 5.1
Drupal 5.2
Drupal 5.3
Drupal 5.4
Drupal 5.5
Drupal 5.6
Drupal 5.7
Drupal 5.8
Drupal 5.9
Drupal 5.10
Drupal 5.11
Drupal 5.12
Drupal 5.13
Drupal 5.14
Drupal 5.15
Drupal 5.16
Drupal 5.17
Drupal 5.18
Drupal 5.19
Drupal 5.20
Drupal 5.21
Drupal 5.22
Drupal 5.23
Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28

[CVE-2014-5020] Access bypass in file module

Wed, 04 Mar 2015 16:53:19 GMT

The File module included in Drupal 7 core allowed attaching files to pieces of content. The module didn't sufficiently check permission to view the attached file when attaching a file that was previously uploaded. This could allow attackers to gain access to private files.

Part of security release SA-CORE-2014-003

This vulnerability affects the following application versions:

Drupal 5.0
Drupal 5.1
Drupal 5.2
Drupal 5.3
Drupal 5.4
Drupal 5.5
Drupal 5.6
Drupal 5.7
Drupal 5.10
Drupal 5.11
Drupal 5.12
Drupal 5.13
Drupal 5.14
Drupal 5.15
Drupal 5.16
Drupal 5.17
Drupal 5.18
Drupal 5.19
Drupal 5.20
Drupal 5.21
Drupal 5.22
Drupal 5.23
Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28

Image file upload

Wed, 04 Mar 2015 16:53:19 GMT

Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

Part of security release: 1.5.12

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12

XSS in JURI object creation

Wed, 04 Mar 2015 16:53:19 GMT

During construction of JURI objects the supplied URI isn't sanitized properly, leading to a vulnerability for injection through crafted URLs.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20

CSRF vulnerabilities in com_media

Wed, 04 Mar 2015 16:53:19 GMT

A series of CSRF faults had existed in the administrator application for com_media.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9

SQL injection / Path disclosure

Wed, 04 Mar 2015 16:53:19 GMT

Joomla 1.5.18 and older had contained various SQL injection vulnerabilities.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18

Vulnerability in privilege checking

Wed, 04 Mar 2015 16:53:19 GMT

The plugin did not sufficiently check whether a page was actually visited by the website administratory. This vulnerability gives a potential intruder the power to do anything he wants on his victim’s website and allows for any PHP file to be uploaded.

http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html

This vulnerability affects the following application versions:

MailPoet 2.1
MailPoet 2.1.1
MailPoet 2.1.2
MailPoet 2.1.3
MailPoet 2.1.4
MailPoet 2.1.5
MailPoet 2.1.6
MailPoet 2.1.7
MailPoet 2.1.8
MailPoet 2.1.9
MailPoet 2.2
MailPoet 2.2.1
MailPoet 2.2.2
MailPoet 2.2.3
MailPoet 2.3
MailPoet 2.3.1
MailPoet 2.3.2
MailPoet 2.3.3
MailPoet 2.3.4
MailPoet 2.3.5
MailPoet 2.4
MailPoet 2.4.1
MailPoet 2.4.2
MailPoet 2.4.3
MailPoet 2.4.4
MailPoet 2.5
MailPoet 2.5.1
MailPoet 2.5.2
MailPoet 2.5.3
MailPoet 2.5.4
MailPoet 2.5.5
MailPoet 2.5.7
MailPoet 2.5.8
MailPoet 2.5.9
MailPoet 2.5.9.1
MailPoet 2.5.9.2
MailPoet 2.5.9.3
MailPoet 2.5.9.4
MailPoet 2.6
MailPoet 2.6.1
MailPoet 2.6.2
MailPoet 2.6.3
MailPoet 2.6.4
MailPoet 2.6.5
MailPoet 2.6.6
MailPoet 2.6.7

Upload vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

Timthumb upload vulnerability

This vulnerability affects the following application versions:

Timthumb 2
Timthumb 3
Timthumb 4
Timthumb 5
Timthumb 6
Timthumb 7
Timthumb 8
Timthumb 9
Timthumb 10
Timthumb 11
Timthumb 12
Timthumb 13
Timthumb 14
Timthumb 15
Timthumb 16
Timthumb 17
Timthumb 18
Timthumb 19
Timthumb 20
Timthumb 21
Timthumb 22
Timthumb 23
Timthumb 24
Timthumb 25
Timthumb 26
Timthumb 27
Timthumb 28
Timthumb 29
Timthumb 30
Timthumb 31
Timthumb 32
Timthumb 33
Timthumb 34
Timthumb 35
Timthumb 36
Timthumb 37
Timthumb 38
Timthumb 39
Timthumb 40
Timthumb 41
Timthumb 42
Timthumb 43
Timthumb 44
Timthumb 45
Timthumb 46
Timthumb 47
Timthumb 48
Timthumb 49
Timthumb 50
Timthumb 51
Timthumb 52
Timthumb 53
Timthumb 54
Timthumb 55
Timthumb 56
Timthumb 57
Timthumb 58
Timthumb 59
Timthumb 60
Timthumb 61
Timthumb 62
Timthumb 63
Timthumb 64
Timthumb 65
Timthumb 66
Timthumb 67
Timthumb 68
Timthumb 69
Timthumb 70
Timthumb 71
Timthumb 72
Timthumb 73
Timthumb 74
Timthumb 75
Timthumb 76
Timthumb 77
Timthumb 78
Timthumb 79
Timthumb 80
Timthumb 81
Timthumb 82
Timthumb 83
Timthumb 84
Timthumb 85
Timthumb 86
Timthumb 87
Timthumb 88
Timthumb 89
Timthumb 90
Timthumb 91
Timthumb 92
Timthumb 93
Timthumb 94
Timthumb 95
Timthumb 96
Timthumb 97
Timthumb 98
Timthumb 99
Timthumb 100
Timthumb 101
Timthumb 102
Timthumb 103
Timthumb 104
Timthumb 105
Timthumb 106
Timthumb 107
Timthumb 108
Timthumb 109
Timthumb 110
Timthumb 111
Timthumb 112
Timthumb 113
Timthumb 114
Timthumb 115
Timthumb 116
Timthumb 117
Timthumb 118
Timthumb 119
Timthumb 120
Timthumb 121
Timthumb 122
Timthumb 123
Timthumb 124
Timthumb 125
Timthumb 126
Timthumb 127
Timthumb 128
Timthumb 129
Timthumb 130
Timthumb 131
Timthumb 132
Timthumb 133
Timthumb 134
Timthumb 135
Timthumb 136
Timthumb 137
Timthumb 138
Timthumb 139
Timthumb 140
Timthumb 141
Timthumb 142
Timthumb 143
Timthumb 144
Timthumb 145
Timthumb 146
Timthumb 147
Timthumb 148
Timthumb 149
Timthumb 150
Timthumb 151
Timthumb 152
Timthumb 153
Timthumb 154
Timthumb 155
Timthumb 156
Timthumb 157
Timthumb 158
Timthumb 159
Timthumb 160
Timthumb 161
Timthumb 162
Timthumb 163
Timthumb 164
Timthumb 165
Timthumb 166
Timthumb 167
Timthumb 168
Timthumb 169
Timthumb 170
Timthumb 171
Timthumb 172
Timthumb 173
Timthumb 174
Timthumb 175
Timthumb 176
Timthumb 177
Timthumb 178
Timthumb 179
Timthumb 180
Timthumb 181
Timthumb 182
Timthumb 183
Timthumb 184
Timthumb 185
Timthumb 186
Timthumb 187
Timthumb 188
Timthumb 189
Timthumb 190
Timthumb 191
Timthumb 192
Timthumb 193
Timthumb 194
Timthumb 195
Timthumb 196
Timthumb 197
Timthumb 198

Security hardening in allowed upload file types

Wed, 04 Mar 2015 16:53:19 GMT

Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6

JSession SSL session disclosure

Wed, 04 Mar 2015 16:53:19 GMT

When running a site under SSL ONLY (the entire site was forced to be under ssl), Joomla! had not set the SSL flag on the cookie. This had allowed someone monitoring the network to find the cookie related to the session.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8

Information disclosure through media uploader

Wed, 04 Mar 2015 16:53:19 GMT

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

http://www.cvedetails.com/cve/CVE-2011-0701/

http://core.trac.wordpress.org/changeset/17393

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4

[CVE-2012-1588] Denial of Service using filter function

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted strings. This vulnerability is mitigated by the fact that users must have the ability to post content sent to the filter system such as a role with the "post comments" or "Forum topic: Create new content" permission.

Part of security release SA-CORE-2012-002

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12

Script/basename vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

https://github.com/osCommerce/oscommerce2/commit/65219120b1f174aa69b5045bfe43ff5dc22d8e63

This vulnerability affects the following application versions:

osCommerce 2.2ms2
osCommerce 2.2ms2-051113
osCommerce 2.2ms2-060817
osCommerce 2.2rc1
osCommerce 2.2rc2
osCommerce 2.2rc2a

Privilege escalation in comments

Wed, 04 Mar 2015 16:53:19 GMT

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

http://www.cvedetails.com/cve/CVE-2010-4257/

http://core.trac.wordpress.org/changeset/16625
http://core.trac.wordpress.org/changeset/16638

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1

[CVE-2012-0826] CSRF vulnerability in Aggregator module

Wed, 04 Mar 2015 16:53:19 GMT

An XSRF vulnerability could force an aggregator feed to update. Since some services were rate-limited (e.g. Twitter limits requests to 150 per hour) this could lead to a denial of service.

Part of security release SA-CORE-2012-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10

Access bypass in File module

Wed, 04 Mar 2015 16:53:19 GMT

When using private files in combination with a node access module, the File module allows unrestricted access to private files.

Part of security release SA-CORE-2011-001

This vulnerability affects the following application versions:

Drupal 7.0

Information disclosure through weak user agent encryption

Wed, 04 Mar 2015 16:53:19 GMT

Weak encryption had caused potential information disclosure.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23

oEmbed XML External Entity Injection

Wed, 04 Mar 2015 16:53:19 GMT

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

http://www.cvedetails.com/cve/CVE-2013-2202/

http://core.trac.wordpress.org/changeset/24471/branches/3.5

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1

Access restriction bypass in xmlrpc.php

Wed, 04 Mar 2015 16:53:19 GMT

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

http://www.cvedetails.com/cve/CVE-2010-5106/

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2

Signature change filter bypass

Wed, 04 Mar 2015 16:53:19 GMT

User signatures have no separate input format, they use the format of the comment with which they are displayed. A user will no longer be able to edit a comment when an administrator changes the comment's input format to a format that is not accessible to the user. However they will still be able to modify their signature, which will then be processed by the new input format.

If the new format is very permissive, via their signature, the user may be able to insert arbitrary HTML and script code into pages or, when the PHP filter is enabled for the new format, execute PHP code.

Part of security release SA-CORE-2009-007

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12

[CVE-2013-0246] Incorrect image permissions set in image module

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core provides the ability to have private files, including images. A vulnerability was identified in which derivative images (which Drupal automatically creates from these images based on "image styles" and which may differ, for example, in size or saturation) did not always receive the same protection. Under some circumstances, this would allow users to access image derivatives for images they should not be able to view.

Part of security release SA-CORE-2013-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18

Password leaked in URL

Wed, 04 Mar 2015 16:53:19 GMT

When an anonymous user fails to login due to mistyping his username or password, and the page he is on contains a sortable table, the (incorrect) username and password were included in links on the table. If the user visits these links the password may then be leaked to external sites via the HTTP referer.

In addition, if the anonymous user is enticed to visit the site via a specially crafted URL while the Drupal page cache is enabled, a malicious user could be able to retrieve the (incorrect) username and password from the page cache.

Part of security release SA-CORE-2009-007

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12

[20080901] - JRequest Variable Injection

Wed, 04 Mar 2015 16:53:19 GMT

A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request. This can result in variable injection (unwanted characters injected into returned data).

Part of security release: 1.5.7

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6

Formatting segfault

Wed, 04 Mar 2015 16:53:19 GMT

With the right parameters make_clickable produces segmentation faults.

http://core.trac.wordpress.org/ticket/16892

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1

Session fixation

Wed, 04 Mar 2015 16:53:19 GMT

Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15

Information disclosure through improper form data isolation

Wed, 04 Mar 2015 16:53:19 GMT

Drupal did not properly isolate the cached data of different anonymous users, which allowed remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

http://www.cvedetails.com/cve/CVE-2014-2983/

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26

Privilege escalation due to inversed permission check

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate permission checking allows unauthorised viewing of administrative back end information.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25

wp_upload_dir() shows paths

Wed, 04 Mar 2015 16:53:19 GMT

A more generic message for wp_upload_dir()

http://core.trac.wordpress.org/ticket/21796

This vulnerability affects the following application versions:

WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1

com_mailto Timeout Issue

Wed, 04 Mar 2015 16:53:19 GMT

In com_mailto, it had been possible to bypass timeout protection against sending automated emails.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13

File inclusion when running in Windows

Wed, 04 Mar 2015 16:53:19 GMT

This vulnerability exists on Windows, regardless of the type of webserver (Apache, IIS) used.

The Drupal theme system takes URL arguments into account when selecting a template file to use for page rendering. While doing so, it didn't take into account how Windows arrives at a canonicalized path. This enabled malicious users to include files, readable by the webserver and located on the same volume as Drupal, and to execute PHP contained within those files. For example: If a site has uploads enabled, an attacker may upload a file containing PHP code and cause it to be included on a subsequent request by manipulating the URL used to access the site.

Part of security release SA-CORE-2009-004

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9

Check in check_admin_referer

Wed, 04 Mar 2015 16:53:19 GMT

Harden check_admin_referer() when called without arguments, which plugins should avoid.

http://core.trac.wordpress.org/changeset/17387

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4

Media upload nonce check

Wed, 04 Mar 2015 16:53:19 GMT

Security hardening to media uploads

http://core.trac.wordpress.org/changeset/17569

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.1

Taxonomy get_terms SQL injection

Wed, 04 Mar 2015 16:53:19 GMT

SQL injection in get_terms.

http://www.cvedetails.com/cve/CVE-2011-3130/

http://core.trac.wordpress.org/changeset/21759

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1

XSS in request_filesystem_credentials() and when deleting a plugin

Wed, 04 Mar 2015 16:53:19 GMT

XSS fixes in request_filesystem_credentials() and when deleting a plugin.

http://core.trac.wordpress.org/changeset/16373
http://core.trac.wordpress.org/changeset/16367

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1

XSS vulnerability in color module

Wed, 04 Mar 2015 16:53:19 GMT

A malicious attacker could trick an authenticated administrative user into visiting a page containing specific JavaScript that could lead to a reflected cross-site scripting attack via JavaScript execution in CSS.

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

XSS in post_status, comment_status and ping_status

Wed, 04 Mar 2015 16:53:19 GMT

Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.

http://www.cvedetails.com/cve/CVE-2011-0700/
http://core.trac.wordpress.org/changeset/17406
http://core.trac.wordpress.org/changeset/17397
http://core.trac.wordpress.org/changeset/17412

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4

[20120104] - XSS Vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering leads to XSS vulnerability.

Part of security release: 1.7.4 and 2.5.0

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3

Privilege escalation in menu system

Wed, 04 Mar 2015 16:53:19 GMT

The menu system routes page requests to appropriate handlers. It also determines whether a user had access to pages based on several criteria, such as permissions assigned to a role. Drupal 6 features an entirely revised menu system, including changes to the way access was dealt with, which if not properly understood by developers could lead to vulnerabilities. This security release provides a more secure access behaviour by default, and fixes incorrectly set menu items in Drupal core.

Access to some pages was not appropriately controlled:
- Any user could edit profile pages of other users.
- Users who could view administration pages were able to edit content types.
- The tracker and blog pages expose information to users without the "access content" permission.

Part of security release SA-2008-026

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1

Reflected XSS in error message

Wed, 04 Mar 2015 16:53:19 GMT

A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen error display at admin/settings/error-reporting. This is the recommended setting for production sites.

https://drupal.org/node/1168756

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20

XSS vulnerabilities in the KSES library

Wed, 04 Mar 2015 16:53:19 GMT

Multiple XSS vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.

http://www.cvedetails.com/cve/CVE-2010-4536/
http://core.trac.wordpress.org/changeset/17172

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3

Link/redirect injection

Wed, 04 Mar 2015 16:53:19 GMT

Fix insufficient input validation that could result in redirecting or leading a user to another website.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6

Media upload ID leaking

Wed, 04 Mar 2015 16:53:19 GMT

Restrict some post IDs when dealing with media uploading, which could leak some info (or attach media to a post the user doesn’t have privileges to).

http://core.trac.wordpress.org/changeset/21087/branches/3.3

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2

Unfiltered HTML comments

Wed, 04 Mar 2015 16:53:19 GMT

Unfiltered HTML comments from a frame.

http://core.trac.wordpress.org/ticket/20812

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2

Remote code execution through unsafe data de-serialization

Wed, 04 Mar 2015 16:53:19 GMT

Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6

Installing/Updating Plugins/Themes XSS

Wed, 04 Mar 2015 16:53:19 GMT

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.

http://www.cvedetails.com/cve/CVE-2013-2201/

http://core.trac.wordpress.org/changeset/24475/branches/3.5

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1

XSS in update and template management

Wed, 04 Mar 2015 16:53:19 GMT

Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

http://www.cvedetails.com/cve/CVE-2011-4956/

http://core.trac.wordpress.org/changeset/17583

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.1

Contributor-level users to improperly publish posts

Wed, 04 Mar 2015 16:53:19 GMT

a vulnerability that allows Contributor-level users to improperly publish posts.

http://core.trac.wordpress.org/changeset/17710

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.1
WordPress 3.1.1

XSS in redirects

Wed, 04 Mar 2015 16:53:19 GMT

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

http://www.cvedetails.com/cve/CVE-2012-2404/

http://core.trac.wordpress.org/changeset/20486/branches/3.3

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1

File Manager upload vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

osCommerce 2.2 File Manager upload vulnerability

This vulnerability affects the following application versions:

osCommerce 2.2ms2
osCommerce 2.2ms2-051113
osCommerce 2.2ms2-060817
osCommerce 2.2rc1
osCommerce 2.2rc2
osCommerce 2.2rc2a

Denial of Service via Post Password Cookies

Wed, 04 Mar 2015 16:53:19 GMT

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1

Excerpt mode shows post even if user is not allowed to

Wed, 04 Mar 2015 16:53:19 GMT

In excerpt view, show the excerpt only if the user can read_post.

http://core.trac.wordpress.org/changeset/21086/branches/3.3

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2

HTML filtering on comment text

Wed, 04 Mar 2015 16:53:19 GMT

Force HTML filtering on comment text in the admin.

http://core.trac.wordpress.org/changeset/17400

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4

XSS vulnerability in Color module

Wed, 04 Mar 2015 16:53:19 GMT

When using re-colorable themes, color inputs are not sanitized. Malicious color values can be used to insert arbitrary CSS and script code. Successful exploitation requires the "Administer themes" permission.

https://drupal.org/node/1168756

This vulnerability affects the following application versions:

Drupal 7.0

[20120202] Information Disclosure

Wed, 04 Mar 2015 16:53:19 GMT

On some servers the error log had been read by unauthorised users.

This vulnerability affects the following application versions:

Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4

Full Path Disclosure in file upload

Wed, 04 Mar 2015 16:53:19 GMT

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

Full Path Disclosure (FPD) during File Upload.

http://www.cvedetails.com/cve/CVE-2013-2203/

http://core.trac.wordpress.org/changeset/24464/branches/3.5

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1

XSS in get_pagenum_link

Wed, 04 Mar 2015 16:53:19 GMT

xss in get_pagenum_link()

http://core.trac.wordpress.org/ticket/14556

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2

[20120102] - XSS Vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering leads to XSS vulnerability.

Part of security release: 1.7.4 and 2.5.0

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3

Arbitrary file uploads via BlogAPI

Wed, 04 Mar 2015 16:53:19 GMT

The BlogAPI module did not validate the extension of uploaded files, enabled users with the "administer content with blog api" permission to upload harmful files.

Part of security release SA-2008-047

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3

XSS in titles

Wed, 04 Mar 2015 16:53:19 GMT

Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages.

http://www.cvedetails.com/cve/CVE-2008-1133/

https://drupal.org/node/227608

This vulnerability affects the following application versions:

Drupal 6.0

[CVE-2012-0825] OpenID did not verify signed attributes in SREG and AX

Wed, 04 Mar 2015 16:53:19 GMT

A group of security researchers identified a flaw in how some OpenID relying parties implement Attribute Exchange (AX). Not verifying that attributes being passed through AX have been signed could allow an attacker to modify users' information.

Part of security release SA-CORE-2012-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10

[20130407] - XSS vulnerability in highlighter plugin

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering leads to XSS vulnerability in highlighter plugin.

Part of security release: 2.5.10, 3.1.0 and 3.0.4.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3

[20110701] - XSS Vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping leads to XSS vulnerability.

Part of security release: 1.6.6

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5

[CVE-2012-5653] Arbitrary PHP code execution in file upload modules

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's file upload feature blocks the upload of many files that could be executed on the server by munging the filename. A malicious user could name a file in a manner that bypasses this munging of the filename in Drupal's input validation.

Part of security release SA-CORE-2012-004

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17

SQL injection hardening

Wed, 04 Mar 2015 16:53:19 GMT

A parameter passed into the node access API was not properly escaped or validated before being used in SQL queries.

Part of security release SA-CORE-2009-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8

Comment unpublishing bypass

Wed, 04 Mar 2015 16:53:19 GMT

The module supports unpublishing comments by privileged users. Users with the "post comments without approval" permission however could craft a URL which allowed them to republish previously unpublished comments.

Part of security release SA-CORE-2010-002

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17

Access bypass in node listings

Wed, 04 Mar 2015 16:53:19 GMT

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

http://www.cvedetails.com/cve/CVE-2011-2687/

https://drupal.org/node/1204582

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2

Unfiltered HTML in Multisite

Wed, 04 Mar 2015 16:53:19 GMT

The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.

http://www.cvedetails.com/cve/CVE-2012-3383/

http://core.trac.wordpress.org/changeset/21774

This vulnerability affects the following application versions:

WordPress 3.4
WordPress 3.4.1

XSS in wp-includes/class-wp-embed.php maybe_make_link

Wed, 04 Mar 2015 16:53:19 GMT

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

http://www.cvedetails.com/cve/CVE-2013-0236/

http://core.trac.wordpress.org/changeset/23322/branches/3.5

This vulnerability affects the following application versions:

WordPress 3.5

[CVE-2012-0826] CSRF vulnerability in aggregator module

Wed, 04 Mar 2015 16:53:19 GMT

A CSRF vulnerability could force an aggregator feed to update. Since some services were rate-limited (e.g. Twitter limits requests to 150 per hour) this could lead to a denial of service.

Part of security release SA-CORE-2012-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22

[20110604] - XSS Vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering leads to XSS vulnerability.

Part of security release: 1.6.4

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3

Profile filters were bypassed if profile pictures were enabled

Wed, 04 Mar 2015 16:53:19 GMT

When user profile pictures were enabled, the default user profile validation function would be bypassed, possibly allowing invalid user names or e-mail addresses to be submitted.

Part of security release SA-CORE-2009-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8

[CVE-2012-0827] Limited access bypass in File module

Wed, 04 Mar 2015 16:53:19 GMT

When using private files in combination with certain field access modules, the File module would allow users to download the file even if they did not have access to view the field it was attached to.

Part of security release SA-CORE-2012-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10

Attachment disclosure in wp-includes/post.php

Wed, 04 Mar 2015 16:53:19 GMT

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

http://www.cvedetails.com/cve/CVE-2011-3128/

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4

Installation XSS

Wed, 04 Mar 2015 16:53:19 GMT

A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed.

https://drupal.org/node/731710

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15

Privilege escalation in user module

Wed, 04 Mar 2015 16:53:19 GMT

A deficiency in the user module allowed users who had been blocked by access rules to continue logging into the site under certain conditions.

Part of security release SA-2008-060

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4

SQL injection in numeric placeholder

Wed, 04 Mar 2015 16:53:19 GMT

Schema API used an inappropriate placeholder for 'numeric' fields enabling SQL injection when user-supplied data was used for such fields. This issue affects Drupal 6 only.

Part of security release SA-2008-044

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2

XSS after deleting input format

Wed, 04 Mar 2015 16:53:19 GMT

When an input format is deleted, not all existing content on a site is updated to reflect this deletion. Such content is then displayed unfiltered. This may lead to cross site scripting attacks when harmful tags are no longer stripped from 'malicious' content that was posted earlier.

https://drupal.org/node/345441

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.5
Drupal 6.6

XSS vulnerability in image module

Wed, 04 Mar 2015 16:53:19 GMT

Image field descriptions are not properly sanitized before they are printed to HTML, thereby exposing a cross-site scripting vulnerability.

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

[CVE-2012-5653] Arbitrary PHP code execution in file upload modules

Wed, 04 Mar 2015 16:53:19 GMT

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26

BlogAPI access bypass

Wed, 04 Mar 2015 16:53:19 GMT

The BlogAPI module did not implement correct validation for certain content fields, allowing for values to be set for fields which would otherwise be inaccessible on an internal Drupal form.

Part of security release SA-2008-060

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4

[CVE-2012-2153] Incomplete check in content administration

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core provides the ability to list nodes on a site at admin/content. Drupal core failed to confirm a user viewing that page had access to each node in the list. This vulnerability only concerns sites running a contributed node access module and is mitigated by the fact that users must have a role with the "Access the content overview page" permission. Unpublished nodes were not displayed to users who only had the "Access the content overview page" permission.

Part of security release SA-CORE-2012-002

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12

File uploads with unsafe filenames allowed

Wed, 04 Mar 2015 16:53:19 GMT

Filenames containing unsafe characters such as spaces are incorrectly allowed during file upload.

Part of security release: 3.1.5

This vulnerability affects the following application versions:

Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6

[20120301] SQL injection in redirect.php

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping had led to SQL injection vulnerability.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1

OpenID impersonation

Wed, 04 Mar 2015 16:53:19 GMT

The OpenID module was not a compliant implementation of the OpenID Authentication 2.0 specification. An implementation error allowed a user to access the account of another user when they share the same OpenID 2.0 provider.

Part of security release SA-CORE-2009-008

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13

Invalid usernames are incorrectly accepted

Wed, 04 Mar 2015 16:53:19 GMT

Username validation does not adhere to provided rules, which allows users to register usernames which should be rejected. This exposes the system to potential exploits in combination with other vulnerabilities.

This vulnerability affects the following application versions:

Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6

Blocked user session regeneration

Wed, 04 Mar 2015 16:53:19 GMT

Under certain circumstances, a user with an open session that was blocked could maintain his/her session on the Drupal site, despite being blocked.

Part of security release SA-CORE-2010-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15

[CVE-2013-0316] Denial of service in image module

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's Image module allows for the on-demand generation of image derivatives. This capability could be abused by requesting a large number of new derivatives which could fill up the server disk space, and which could cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive.

Part of security release SA-CORE-2013-002

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20

CSRF in update functions

Wed, 04 Mar 2015 16:53:19 GMT

The update system was vulnerable to cross site request forgeries. Malicious users may cause the superuser to execute old updates that may damage the database.

Part of security release SA-2008-073

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6

[CVE-2011-2726] Access bypass in private file fields on comments

Wed, 04 Mar 2015 16:53:19 GMT

Access bypass in private file fields on comments.

Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory.

If a Drupal site was using these features on comments, and the parent node was denied access (either by a node access module or by being unpublished), the file attached to the comment could still be downloaded by non-privileged users if they know or guess its direct URL.

Part of security release SA-CORE-2011-003

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4

[CVE-2012-4553] Information disclosure in OpenID module

Wed, 04 Mar 2015 16:53:19 GMT

For sites using the core OpenID module, an information disclosure vulnerability was identified that allowed an attacker to read files on the local filesystem by attempting to log in to the site using a malicious OpenID server.

Part of security release SA-CORE-2012-003

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15

[CVE-2012-5651] Blocked users visible in search module

Wed, 04 Mar 2015 16:53:19 GMT

A vulnerability was identified that allowed blocked users to appear in user search results, even when the search results are viewed by unprivileged users.

Onderdeel van security release SA-CORE-2012-004

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17

[CVE-2012-4553] Possible reinstall of Drupal (and resulting PHP code execution)

Wed, 04 Mar 2015 16:53:19 GMT

A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original server.

Part of security release SA-CORE-2012-003

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15

[CVE-2012-1590] Incomplete forum list access check

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's forum lists failed to check user access to nodes when displaying them in the forum overview page. If an unpublished node was the most recently updated in a forum then users who should not have access to unpublished forum posts were still be able to see meta-data about the forum post such as the post title.

Part of security release SA-CORE-2012-002

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12

XSS in OpenID

Wed, 04 Mar 2015 16:53:19 GMT

Some values from OpenID providers are output without being properly escaped, allowing malicious providers to insert arbitrary script and HTML code (XSS) into user pages. This issue affects Drupal 6.x only.

filter_xss_admin() has been hardened to prevent use of the object HTML tag in administrator input.

http://www.cvedetails.com/cve/CVE-2008-3218/

https://drupal.org/node/280571

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2

File download access bypass

Wed, 04 Mar 2015 16:53:19 GMT

The upload module looked up files for download in the database and serves them for download after access checking. However, it did not account for the fact that certain database configurations would not consider case differences in file names. If a malicious user uploaded a file which only differs in letter case, access would be granted for the earlier upload regardless of actual file access to that.

Part of security release SA-CORE-2010-002

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17

CSRF in administrative actions

Wed, 04 Mar 2015 16:53:19 GMT

Translated strings (5.x, 6.x) and OpenID identities (6.x) were immediately deleted upon accessing a properly formatted URL, making such deletion vulnerable to cross site request forgeries (CSRF). This may lead to unintended deletion of translated strings or OpenID identities when a sufficiently privileged user visits a page or site created by a malicious person.

Part of security release SA-2008-044

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2

Incorrect filter allowing XSS

Wed, 04 Mar 2015 16:53:19 GMT

A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages.

https://drupal.org/node/295053

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3

[20111001] Information Disclosure

Wed, 04 Mar 2015 16:53:19 GMT

Weak encryption had caused potential information disclosure.

Part of security release: 1.7.2

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1

File inclusion in bootstrap.inc

Wed, 04 Mar 2015 16:53:19 GMT

On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory.

Part of security release SA-2008-067

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5

[20120308] - XSS in update manager

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering in update manager leads to XSS vulnerability.

CVE-2012-1612

Part of security release: 2.5.4

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3

[CVE-2012-0825] OpenID did verifying signed attributes in SREG and AX

Wed, 04 Mar 2015 16:53:19 GMT

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22

[CVE-2012-5651] Blocked users visible in module search

Wed, 04 Mar 2015 16:53:19 GMT

A vulnerability was identified that allowed blocked users to appear in user search results, even when the search results are viewed by unprivileged users.

Part of security release SA-CORE-2012-004

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26

XSS in vocabulary

Wed, 04 Mar 2015 16:53:19 GMT

The taxonomy module allows users with the 'administer taxonomy' permission to inject arbitrary HTML and script code in the help text of any vocabulary.

https://drupal.org/node/461886

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11

[CVE-2013-6385] Naive CSRF protection in Forms API

Wed, 04 Mar 2015 16:53:19 GMT

Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may executed unsafe operations.

Part of security release SA-CORE-2013-003

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

[20120303] - Privilege Escalation

Wed, 04 Mar 2015 16:53:19 GMT

Programming error allows privilege escalation in some cases.

Part of security release: 2.5.3

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2

XSS in forum module

Wed, 04 Mar 2015 16:53:19 GMT

The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scripting attack may lead to the malicious user gaining administrative access.

https://drupal.org/node/507572

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12

[20130405] - XSS vulnerability in Voting plugin

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering leads to XSS vulnerability in Voting plugin.

CVE-2013-3059

Part of security release: 2.5.10, 3.1.0 and 3.0.4.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3

Privilege escalation for users having translate content permission

Wed, 04 Mar 2015 16:53:19 GMT

The Content Translation module for Drupal 6.x enables users to make a translation of an existing item of content (a node). In that process the existing node's content was copied into the new node's submission form.

The module contained a flaw that allowed a user with the 'translate content' permission to potentially bypass normal viewing access restrictions, for example allowing the user to see the content of unpublished nodes even if they did not have permission to view unpublished nodes.

Part of security release SA-CORE-2009-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8

Session fixation

Wed, 04 Mar 2015 16:53:19 GMT

When contributed modules such as Workflow NG terminate the current request during a login event, user module was not able to regenerate the user's session. This may lead to a session fixation attack, when a malicious user was able to control another users' initial session ID. As the session was not regenerated, the malicious user may use the 'fixed' session ID after the victim authenticates and would have the same access. This issue affects both Drupal 5 and Drupal 6.

Part of security release SA-2008-044

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2

File upload access bypass

Wed, 04 Mar 2015 16:53:19 GMT

A logic error in the core upload module validation allowed unprivileged users to attach files to content. This bug affects Drupal 6.x only.

Part of security release SA-2008-060

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4

CSRF in cached forms

Wed, 04 Mar 2015 16:53:19 GMT

Drupal forms contains a token to protect against cross site request forgeries (CSRF). The token may not been validated properly for cached forms and forms containing AHAH elements.

Part of security release SA-2008-047

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3

[20130801] - Unauthorised Uploads

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering leads to the ability to bypass file type upload restrictions.

Part of security release: 2.5.14 or 3.1.5.

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4

[CVE-2015-3234] OpenID impersonation vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

A vulnerability was present in the OpenID module that allowed a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

Part of security release SA-CORE-2015-002

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25

Language Manager CSRF vulnerability

Wed, 04 Mar 2015 16:53:19 GMT

osCommerce 2.2 Language Manager upload vulnerability

This vulnerability affects the following application versions:

osCommerce 2.2ms2
osCommerce 2.2ms2-051113
osCommerce 2.2ms2-060817
osCommerce 2.2rc1
osCommerce 2.2rc2
osCommerce 2.2rc2a

Open redirect in drupal_goto()

Wed, 04 Mar 2015 16:53:19 GMT

The API function drupal_goto() is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL.

https://drupal.org/node/731710

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15

[CVE-2013-6386] Weakness in pseudorandom number generation using mt_rand()

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances.

Part of security release SA-CORE-2013-003

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

[20130402] Information disclosure

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate permission checking had allowed unauthorised user to see permission settings in some circumstances.

CVE Number: CVE-2013-3057

Part of security release: 2.5.10, 3.1.0 and 3.0.4.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3

XSS in Actions

Wed, 04 Mar 2015 16:53:19 GMT

Users with "administer actions permission" can enter action descriptions and messages which are not properly filtered on output. Users with content and taxonomy tag submission permissions can create nodes and taxonomy terms which are not properly sanitized for inclusion in action messages and inject arbitrary HTML and script code into Drupal pages. Such a cross-site scripting attack may lead to the malicious user gaining administrative access.

https://drupal.org/node/880476

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17

[CVE-2012-1591] Disallowed viewing of private images

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core provides the ability to have private files, including images, and Image Styles which create derivative images from an original image that may differ, for example, in size or saturation. Drupal core failed to properly terminate the page request for cached image styles allowing users to access image derivatives for images they should not be able to view. Furthermore, Drupal didn't set the right headers to prevent image styles from being cached in the browser.

Part of security release SA-CORE-2012-002

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12

[20120902] - XSS vulnerability in language switcher module

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping of output leads to XSS vulnerability in language switcher module.

CVE-2012-4532

Part of security release: 2.5.7

This vulnerability affects the following application versions:

Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6

XSS in color module

Wed, 04 Mar 2015 16:53:19 GMT

This vulnerability affects the following application versions:

Drupal 5.0
Drupal 5.1
Drupal 5.2
Drupal 5.3
Drupal 5.4
Drupal 5.5
Drupal 5.6
Drupal 5.7
Drupal 5.8
Drupal 5.9
Drupal 5.10
Drupal 5.11
Drupal 5.12
Drupal 5.13
Drupal 5.14
Drupal 5.15
Drupal 5.16
Drupal 5.17
Drupal 5.18
Drupal 5.19
Drupal 5.20
Drupal 5.21
Drupal 5.22
Drupal 5.23
Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20

XSS in contact module

Wed, 04 Mar 2015 16:53:19 GMT

The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the contact module administration page. Such a cross-site scripting attack may lead to the malicious user gaining administrative access.

https://drupal.org/node/661586

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14

XSS in menu administration

Wed, 04 Mar 2015 16:53:19 GMT

The Menu module does not correctly handle certain user input when displaying the menu administration overview. Users privileged to create new menus can insert arbitrary HTML and script code into the menu module administration page. Such a cross-site scripting attack may lead to the malicious user gaining administrative access.

https://drupal.org/node/661586

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14

[CVE-2012-5652] Incorrect permission check in file search

Wed, 04 Mar 2015 16:53:19 GMT

A vulnerability was identified that allows information about uploaded files to be displayed in RSS feeds and search results to users that do not have the "view uploaded files" permission.

Part of security release SA-CORE-2012-004

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26

[20120901] - XSS in default_system

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping of output leads to XSS vulnerability.

CVE-2012-4531

Part of security release: 2.5.7

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6

[20130401] - Privilege Escalation

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate permission checking allows unauthorised user to delete private messages.

CVE Number: CVE-2013-3056

Part of security release: 2.5.10, 3.1.0 and 3.0.4.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3

Access bypass through incomplete security token validation

Wed, 04 Mar 2015 16:53:19 GMT

The function drupal_valid_token() could return TRUE for invalid tokens if the caller did not make sure that the token is a string.

Part of security release SA-CORE-2013-003

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

Injected code execution prevention

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core attempted to add a "defense in depth" protection to prevent script execution by placing a .htaccess file into the files directories that stopped execution of PHP scripts on the Apache web server. This protection is only necessary if there is a vulnerability on the site or on a server that allowed users to upload malicious files. The configuration in the .htaccess file did not prevent code execution on certain Apache web server configurations.

Part of security release SA-CORE-2013-003

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

Access restriction bypass in class-wp-atom-server.php

Wed, 04 Mar 2015 16:53:19 GMT

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

http://www.cvedetails.com/cve/CVE-2012-4421/

core.trac.wordpress.org/changeset/21744

This vulnerability affects the following application versions:

WordPress 3.4
WordPress 3.4.1

XSS in title of book

Wed, 04 Mar 2015 16:53:19 GMT

The title of book pages is not always properly escaped, enabling users with the "create book content" permission or the permission to edit any node in the book hierarchy to insert arbitrary HTML and script code into pages. Such a Cross Site Scripting attack may lead to the attacker gaining administrator access.

https://drupal.org/node/324824

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5

[20130403] - XSS in URI/URL core

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate filtering allows possibility of XSS exploit in some circumstances.

CVE-2013-3058

Part of security release: 2.5.10, 3.1.0 and 3.0.4

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3

DoS in unserialize

Wed, 04 Mar 2015 16:53:19 GMT

Object unserialize method had led to possible denial of service vulnerability.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3

Unvalidated form redirect in users

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core's Form API allows users to set a destination, but failed to validate that the URL was internal to the site. This weakness could be abused to redirect the login to a remote site with a malicious script that harvests the login credentials and redirects to the live site. This vulnerability is mitigated only by the end user's ability to recognize a URL with malicious query parameters to avoid the social engineering required to exploit the problem.

http://www.cvedetails.com/cve/CVE-2012-1589/

https://drupal.org/node/1557938

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12

[20121101/20121102] - Clickjacking

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate protection leads to clickjacking vulnerability.

CVE-2012-5827

Part of security release: 2.5.8

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 3.0.0
Joomla 3.0.1

Code uploading

Wed, 04 Mar 2015 16:53:19 GMT

File uploads with certain extensions were not correctly processed by the File API. This may lead to the creation of files that were executable by Apache. The .htaccess that was saved into the files directory by Drupal should normally prevent execution. The files were only executable when the server was configured to ignore the directives in the .htaccess file.

Part of security release SA-CORE-2009-008

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13

CSRF in frontpage forms

Wed, 04 Mar 2015 16:53:19 GMT

Drupal core also had a very limited information disclosure vulnerability under very specific conditions. If a user was tricked into visiting the site via a specially crafted URL and then submits a form (such as the search box) from that page, the information in their form submission may be directed to a third-party site determined by the URL and thus disclosed to the third party. The third party site may then execute a CSRF attack against the submitted form.

This vulnerability is limited to forms present on the frontpage. The user login form is not vulnerable.

Part of security release SA-CORE-2009-005

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10

Authentication cookie forgery

Wed, 04 Mar 2015 16:53:19 GMT

Wordpress does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.8
WordPress 3.8.1

Locale module XSS

Wed, 04 Mar 2015 16:53:19 GMT

Locale module and dependent contributed modules do not sanitize the display of language codes, native and English language names properly. While these usually come from a preselected list, arbitrary administrator input is allowed. This vulnerability is mitigated by the fact that the attacker must have a role with the 'administer languages' permission.

https://drupal.org/node/731710

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15

[CVE-2013-0245] Titles and content of nodes avaible in book module printer friendly version

Wed, 04 Mar 2015 16:53:19 GMT

A vulnerability was identified that exposes the title or, in some cases, the content of nodes that the user should not have access to.

Part of security release SA-CORE-2013-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27

Open redirect in overlay module

Wed, 04 Mar 2015 16:53:19 GMT

The Overlay module displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module did not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability.

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23

XSS via editable slug fields

Wed, 04 Mar 2015 16:53:19 GMT

XSS via editable slug fields

http://codex.wordpress.org/Version_3.3.3
http://core.trac.wordpress.org/changeset/21083/branches/3.3

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2

[CVE-2014-1476] Access bypass vulnerability in taxonomy module

Wed, 04 Mar 2015 16:53:19 GMT

The Taxonomy module provides various listing pages which display content tagged with a particular taxonomy term. Custom or contributed modules may also provide similar lists. Under certain circumstances, unpublished content could appear on these pages and would be visible to users who should not have permission to see it.

Part of security release SA-CORE-2014-001

This vulnerability affects the following application versions:

Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25

Bookmark get_bookmarks SQL injection

Wed, 04 Mar 2015 16:53:19 GMT

SQL injection in get_bookmarks()

http://core.trac.wordpress.org/changeset/18355

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3

Upload module vulnerabilities

Wed, 04 Mar 2015 16:53:19 GMT

The Upload module in Drupal 6 contained privilege escalation vulnerabilities for users with the "upload files" permission. This cuould lead to users being able to edit nodes which they were normally not allowed to, delete any file to which the webserver had sufficient rights, and download attachments of nodes to which they had no access. Harmful files may also be uploaded via cross site request forgeries (CSRF).

Part of security release SA-2008-047

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3

CSRF allowing adding of OpenID identities to an account

Wed, 04 Mar 2015 16:53:19 GMT

The core OpenID module did not correctly implement Form API for the form that allowed one to link user accounts with OpenID identifiers. A malicious user was therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts. These OpenID identities could then be used to gain access to the affected accounts.

Part of security release SA-CORE-2009-008

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13

[CVE-2013-0245] Titles and content of nodes avaible in book module printer friendly version

Wed, 04 Mar 2015 16:53:19 GMT

A vulnerability was identified that exposes the title or, in some cases, the content of nodes that the user should not have access to.

Part of security release SA-CORE-2013-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18

Unauthorised logins via GMail authentication

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate checking had allowed unauthorised logins via GMail authentication.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2

[20140303] - Inadequate escaping in several form fields

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping in several form fields leads to XSS vulnerabilities.

CVE-2014-7982

Part of security release: 2.5.19 and 3.2.3

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2

SQL Injection in tags module

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping had led to SQL injection vulnerability in tags module.

This vulnerability affects the following application versions:

Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2

[20140902] - Unauthorised Logins

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate checking allowed unauthorised logins via LDAP authentication.

CVE Number: CVE-2014-6632

Part of security release: 2.5.25, 3.2.5, and 3.3.4

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3

[20140901] - XSS vulnerability in com_media

Wed, 04 Mar 2015 16:53:19 GMT

Inadequate escaping leads to XSS vulnerability in com_media.

CVE-2014-6631

Part of security release: 3.2.5 and 3.3.4

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3

Remote file inclusion in update scripts

Wed, 04 Mar 2015 16:53:19 GMT

It had been possible for a remote attacker to extract a remotely hosted archive while you had been extracting a backup archive / installing an update, depending on your server settings. The attack was not possible at any other time. Merely having Joomla installed had not made your site vulnerable.

This vulnerability affects the following application versions:

Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5

[CVE-2014-3704] SQL injection in database abstraction layer

Wed, 04 Mar 2015 16:53:19 GMT

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allowed an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this could lead to privilege escalation, arbitrary PHP execution, or other attacks.

This vulnerability could be exploited by anonymous users.

Part of security release SA-CORE-2014-005

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31

[CVE-2014-9015] Session hijacking used empty session keys

Wed, 04 Mar 2015 16:53:19 GMT

A specially crafted request could give a user access to another user's session, allowing an attacker to hijack a random session.

This attack was known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content ("mixed-mode"), but it was possible there are other attack vectors for both Drupal 6 and Drupal 7.

Part of security release SA-CORE-2014-006

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33

[CVE-2014-9016] DoS by hashing large passwords

Wed, 04 Mar 2015 16:53:19 GMT

Drupal 7 includes a password hashing API to ensure that user supplied passwords are not stored in plain text.

A vulnerability in this API allowed an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

This vulnerability could be exploited by anonymous users.

Part of security release SA-CORE-2014-006

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33

Hash collision for old passwords

Wed, 04 Mar 2015 16:53:19 GMT

An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

DoS when checking large passwords

Wed, 04 Mar 2015 16:53:19 GMT

An issue could lead to a denial of service when passwords are checked.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 2.5
WordPress 2.5.1
WordPress 2.6
WordPress 2.6.1
WordPress 2.6.2
WordPress 2.6.3
WordPress 2.6.5
WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

Invalidation of password reset tokens

Wed, 04 Mar 2015 16:53:19 GMT

WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

XSS vulnerability in commenting system

Wed, 04 Mar 2015 16:53:19 GMT

Wordpress is affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

An attacker could exploit the vulnerability by entering carefully crafted comments, containing program code, on WordPress blog posts and pages. Under default settings comments can be entered by anyone without authentication (login).

Program code injected in comments would be inadvertedly executed in the blog administrator's web browser when they view the comment. The rogue code could then perform administrative operations by covertly taking over the administror account.

Such operations - demonstrated by our proof of concept exploits - include creating a new administrator account (with a known password), changing the current administrator password, and in the most serious case, executing attacker-supplied PHP code on the server. This grants the attacker operating system level access on the server hosting WordPress.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/ and http://klikki.fi/adv/wordpress.html

This vulnerability affects the following application versions:

WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

Validation of EXIF data

Wed, 04 Mar 2015 16:53:19 GMT

Better validation of EXIF data is extracted from uploaded photos.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 2.5
WordPress 2.5.1
WordPress 2.6
WordPress 2.6.1
WordPress 2.6.2
WordPress 2.6.3
WordPress 2.6.5
WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

Server-side request forgery attacks

Wed, 04 Mar 2015 16:53:19 GMT

Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

CSRF in password change form

Wed, 04 Mar 2015 16:53:19 GMT

A cross-site request forgery that could be used to trick a user into changing their password.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 3.7.4
WordPress 3.8.4
WordPress 3.9.2
WordPress 4.0

XSS vulnerability in style filter

Wed, 04 Mar 2015 16:53:19 GMT

A cross-site scripting issue that a contributor or author could use to compromise a site.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

XSS vulnerability in Press This error handling

Wed, 04 Mar 2015 16:53:19 GMT

A cross-site scripting issue that a contributor or author could use to compromise a site.

See https://wordpress.org/news/2014/11/wordpress-4-0-1/

This vulnerability affects the following application versions:

WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 4.0

Full Path Disclosure in file upload

Wed, 04 Mar 2015 16:53:19 GMT

This vulnerability affects the following application versions:

WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3

Brute force attacks against CSRF tokens

Wed, 04 Mar 2015 16:53:20 GMT

Adds protections against brute attacks against CSRF tokens.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.9
WordPress 3.9.1

[CVE-2015-2559] Access bypass through password reset URL

Thu, 19 Mar 2015 16:48:28 GMT

Password reset URLs could be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password.

Part of security release SA-CORE-2015-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34

Open redirect through URL destination parameter

Sat, 21 Mar 2015 00:31:01 GMT

Drupal core frequently uses a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34

Persistent XSS on cached page

Thu, 16 Apr 2015 13:23:03 GMT

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

This vulnerability affects the following application versions:

WP Supercache 0.9.7
WP Supercache 0.9.8
WP Supercache 0.9.9
WP Supercache 0.9.9.1
WP Supercache 0.9.9.2
WP Supercache 0.9.9.3
WP Supercache 0.9.9.4
WP Supercache 0.9.9.5
WP Supercache 0.9.9.6
WP Supercache 0.9.9.7
WP Supercache 0.9.9.8
WP Supercache 0.9.9.9
WP Supercache 1.0
WP Supercache 1.1
WP Supercache 1.2
WP Supercache 1.3.1
WP Supercache 1.3.2
WP Supercache 1.4
WP Supercache 1.4.1
WP Supercache 1.4.2

File uploads with unsafe filenames

Wed, 22 Apr 2015 17:21:43 GMT

In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.

This vulnerability affects the following application versions:

WordPress 4.1
WordPress 4.1.1

General XSS vulnerability

Wed, 22 Apr 2015 17:21:43 GMT

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

This vulnerability affects the following application versions:

WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 4.0
WordPress 4.0.1
WordPress 4.1
WordPress 4.1.1

SQL injection vulnerability through ordering

Wed, 22 Apr 2015 17:21:43 GMT

SQL injection vulnerability through ordering

This vulnerability affects the following application versions:

WordPress 2.5.1
WordPress 2.6.2
WordPress 2.6.3
WordPress 2.6.5
WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 4.0
WordPress 4.0.1
WordPress 4.1
WordPress 4.1.1

XSS through incomplete comment sanitizing

Tue, 28 Apr 2015 20:13:24 GMT

The WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.

This vulnerability affects the following application versions:

WordPress 3.7.6
WordPress 3.7.7
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.9.4
WordPress 3.9.5
WordPress 4.0.3
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.2

XSS in Genericons example file

Thu, 07 May 2015 23:27:17 GMT

Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. Any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

This vulnerability affects the following application versions:

WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.0.25
WordPress 4.0.26
WordPress 4.0.27
WordPress 4.0.28
WordPress 4.0.29
WordPress 4.0.30
WordPress 4.0.31
WordPress 4.0.32
WordPress 4.0.33
WordPress 4.0.34
WordPress 4.0.35
WordPress 4.0.36
WordPress 4.0.37
WordPress 4.0.38
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.2
WordPress 4.2.1
Genericons 3.0.3
Genericons 3.1
Jetpack 2.8
Jetpack 2.8.3
Jetpack 2.8.4
Jetpack 2.8.5
Jetpack 2.8b1
Jetpack 2.9
Jetpack 2.9.1
Jetpack 2.9.1b1
Jetpack 2.9.2
Jetpack 2.9.3
Jetpack 2.9.4
Jetpack 2.9.5
Jetpack 2.9.6
Jetpack 2.9b1
Jetpack 2.9b2
Jetpack 2.9b3
Jetpack 2.9b4
Jetpack 3.0
Jetpack 3.0.1
Jetpack 3.0.2
Jetpack 3.0.2b1
Jetpack 3.0.2b2
Jetpack 3.0.4
Jetpack 3.0.5
Jetpack 3.0.6
Jetpack 3.1
Jetpack 3.1.1
Jetpack 3.1.3
Jetpack 3.1.4
Jetpack 3.1.5

RNG predictability

Fri, 26 Jun 2015 19:14:58 GMT

Insufficient randomness leads to password reset vulnerability.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25

Open redirect through inadequate return value checking

Mon, 06 Jul 2015 16:38:19 GMT

Inadequate checking of the return value had allowed redirecting to an external page.

This vulnerability affects the following application versions:

Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2-rc

Insufficient permission check on draft creation

Tue, 04 Aug 2015 11:58:13 GMT

It is possible for a user with Subscriber permissions to create a draft through Quick Draft.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2

XSS through inadequate HTML sanitation

Thu, 17 Sep 2015 18:30:43 GMT

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2

Attacker can lock posts

Thu, 17 Sep 2015 18:30:43 GMT

WordPress 4.2.3 and earlier allow an attacker to lock posts.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731

https://core.trac.wordpress.org/changeset/33542

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3

Potential timing side-channel attack

Thu, 17 Sep 2015 18:30:43 GMT

WordPress 4.2.3 and earlier are vulnerable to a timing side-channel attack.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730

https://core.trac.wordpress.org/changeset/33535

This vulnerability affects the following application versions:

WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3

SQL injection in comment posting

Thu, 17 Sep 2015 18:30:43 GMT

WordPress 4.2.3 and earlier are vulnerable to a SQL injection in comment posting due to insufficient escaping.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213

https://core.trac.wordpress.org/changeset/33555

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3

XSS in links on the legacy theme preview

Thu, 17 Sep 2015 18:30:43 GMT

WordPress 4.2.3 and earlier are vulnerable to a XSS vulnerability through broken links on the legacy theme preview.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734

https://core.trac.wordpress.org/changeset/33549

This vulnerability affects the following application versions:

WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3

XSS in navigation through inadequate HTML sanitation

Thu, 17 Sep 2015 18:30:43 GMT

WordPress 4.2.3 and earlier are vulnerable to a cross-site scripting vulnerability where navigation titles were insufficiently escaped.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733

https://core.trac.wordpress.org/changeset/33540

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 4.0
WordPress 4.0.1
WordPress 4.1
WordPress 4.1.1
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3

XSS in widget title through inadequate HTML sanitation

Thu, 17 Sep 2015 18:30:43 GMT

WordPress 4.2.3 and earlier are affected by a cross-site scripting vulnerability where widget titles were not properly escaped.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732

https://core.trac.wordpress.org/changeset/33529

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3

[20151002] Inadequate ACL checks in com_contenthistory

Fri, 23 Oct 2015 17:24:46 GMT

Inadequate ACL checks in com_contenthistory had provided potential read access to data which should be access restricted.

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2

[20151201] Remote Code Execution Vulnerability

Fri, 23 Oct 2015 17:24:46 GMT

Browser information had not been filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2

[20151001] Inadequate filtering of request data leads to a SQL Injection vulnerability

Fri, 23 Oct 2015 17:24:46 GMT

Inadequate filtering of request data had led to a SQL injection vulnerability.

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2

[20150908] - XSS vulnerability in login module

Fri, 23 Oct 2015 17:24:46 GMT

Inadequate escaping leads to XSS vulnerability in login module.

CVE-2015-6939

Part of security release: 3.4.4

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4-rc
Joomla 3.4.4-rc2

[20151202] Add additional CSRF hardening in com_templates

Mon, 21 Dec 2015 12:09:56 GMT

Add additional CSRF hardening in com_templates had allowed remote attackers to hijack the authentication of unspecified victims via unknown vectors.

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5

[20151204] Directory traversal

Mon, 21 Dec 2015 12:09:56 GMT

Inadequate filtering of request data leads to a directory traversal vulnerability.

CVE Number: CVE-2015-8565

Part of security release: 3.4.6

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5

[20151203] Directory traversal

Mon, 21 Dec 2015 12:09:56 GMT

Failure to properly sanitise input data from the XML install file located within an extension's package archive had allowed for directory traversal.

CVE Number: CVE-2015-8564

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5

[20151201] remote code execution due to improper filtering of browser information

Mon, 21 Dec 2015 17:46:33 GMT

Browser information had not been filtered properly while saving the session values into the database which had led to a remote code execution vulnerability.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5

XSS vulnerability in WordPress version 4.4 and earlier

Mon, 11 Jan 2016 12:17:13 GMT

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised.

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.3
WordPress 4.3.1
WordPress 4.4
Akismet 2.5.3
Akismet 2.5.6
Akismet 2.5.7
Akismet 2.5.8
Akismet 2.5.9
Akismet 2.6.0
Akismet 3.0.0
Akismet 3.0.1
Akismet 3.0.2
Akismet 3.0.4
Akismet 3.1
Akismet 3.1.1
Akismet 3.1.3

Open redirection vulnerability in WordPress version 4.4.1 and earlier

Thu, 04 Feb 2016 11:07:41 GMT

WordPress version 4.4.1 and previous are vulnerable to an open redirection attack.

A open redirect is a vulnerability which can be used to get access without having the proper authorization. This vulnerability can be used in phishing attacks.

https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/

This vulnerability affects the following application versions:

WordPress 2.3
WordPress 2.3.1
WordPress 2.3.2
WordPress 2.3.3
WordPress 2.5
WordPress 2.5.1
WordPress 2.6
WordPress 2.6.1
WordPress 2.6.2
WordPress 2.6.3
WordPress 2.6.5
WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.4
WordPress 4.4.1

SSRF vulnerability for certain local URIs

Thu, 04 Feb 2016 11:07:41 GMT

WordPress version 4.4.1 and previous contain a possible Server Side Request Forgery (SSRF) exploit in the HTTP URL validator.

https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.4
WordPress 4.4.1

[CVE-2016-3163] Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)

Mon, 29 Feb 2016 20:46:12 GMT

The XML-RPC system allowed a large number of calls to the same method to be made at once, which could be used as an enabling factor in brute force attacks (for example, attempting to determine user passwords by submitting a large number of password variations at once).

This vulnerability is mitigated by the fact that you must have enabled a module that provides an XML-RPC method that was vulnerable to brute-forcing. There are no such modules in Drupal 7 core, but Drupal 6 core is vulnerable via the Blog API module. It is additionally mitigated if flood control protection is in place for the method in question.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42

[CVE-2016-3162] File upload access bypass and denial of service

Mon, 29 Feb 2016 20:46:12 GMT

A vulnerability existed in the File module that allowed a malicious user to view, delete or substitute a link to a file that the victim had uploaded to a form while the form had not yet been submitted and processed. If an attacker carried out this attack continuously, all file uploads to a site could be blocked by deleting all temporary files before they could be saved.

This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3

[CVE-2016-3164] Open redirect via path manipulation

Mon, 29 Feb 2016 20:46:12 GMT

The current path could be populated with an external URL. This could lead to open redirect vulnerabilities.

This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL.

For Drupal 6, this patch also solves: Open redirect via double-encoded 'destination' parameter

The drupal_goto() function in Drupal 6 improperly decodes the contents of $_REQUEST['destination'] before using it, which allows the function's open redirect protection to be bypassed and allows an attacker to initiate a redirect to an arbitrary external URL.

This vulnerability is mitigated by that fact that the attack is not possible for sites running on PHP 5.4.7 or greater.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3

[CVE-2016-3165] Form API ignores access restrictions on submit buttons

Mon, 29 Feb 2016 20:46:12 GMT

An access bypass vulnerability was found that allows input to be submitted, for example using JavaScript, for form button elements that a user is not supposed to have access to because the button was blocked by setting #access to FALSE in the server-side form definition.

This vulnerability is mitigated by the fact that the attacker must have access to submit a form that has such buttons defined for it (for example, a form that both administrators and non-administrators can access, but where administrators have additional buttons available to them).

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37

[CVE-2016-3171] Session data truncation could lead to unserialization of user provided data

Mon, 29 Feb 2016 20:46:12 GMT

On certain older versions of PHP, user-provided data stored in a Drupal session may be unserialized leading to possible remote code execution.

This issue is mitigated by the fact that it requires an unusual set of circumstances to exploit and depends on the particular Drupal code that is running on the site. It is also believed to be mitigated by upgrading to PHP 5.4.45, 5.5.29, 5.6.13, or any higher version.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37

[20140224] Reflected file download vulnerability

Thu, 03 Mar 2016 13:00:26 GMT

Drupal core has a reflected file download vulnerability that could allow an attacker to trick a user into downloading and running a file with arbitrary JSON-encoded content.

This vulnerability is mitigated by the fact that the victim must be a site administrator and that the full version of the attack only works with certain web browsers.

https://www.drupal.org/SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42

[CVE-2016-3170] Email address could be matched to an account

Thu, 03 Mar 2016 13:00:26 GMT

In certain configurations where a user's email addresses could be used to log in instead of their username, links to "have you forgotten your password" could reveal the username associated with a particular email address, leading to an information disclosure vulnerability.

This issue is mitigated by the fact that it requires a contributed module to be installed that permits logging in with an email address, and that it is only relevant on sites where usernames are typically chosen to hide the users' real-life identities.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3

[CVE-2016-3166] HTTP header injection using line breaks

Thu, 03 Mar 2016 13:00:26 GMT

A vulnerability in the drupal_set_header() function allowed an HTTP header injection attack to be performed if user-generated content was passed as a header value on sites running PHP versions older than 5.1.2. If the content contains line breaks the user may be able to set arbitrary headers of their own choosing.

This vulnerability is mitigated by the fact that most hosts have newer versions of PHP installed, and that it requires a module to be installed on the site that allows user-submitted data to appear in HTTP headers.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37

[CVE-2016-3169] Saving user accounts could sometimes grant the user all roles

Mon, 07 Mar 2016 18:02:16 GMT

Some specific contributed or custom code may call Drupal's user_save() API in a manner different than Drupal core. Depending on the data that has been added to a form or the array prior to saving, this could lead to a user gaining all roles on a site.

This issue is mitigated by the fact that it requires contributed or custom code that calls user_save() with an explicit category and code that loads all roles into the array.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42

[20151207] Inadequate filtering of request data leads to a SQL injection vulnerability

Fri, 11 Mar 2016 13:13:38 GMT

Inadequate filtering of request data had led to a SQL injection vulnerability.

This vulnerability affects the following application versions:

Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6

Script compression option cross-site request forgery (CSRF)

Tue, 19 Apr 2016 09:55:40 GMT

In previous versions the compression option contains a cross-site request forgery (CSRF) vulnerability that can be exploited by hackers.

This vulnerability affects the following application versions:

WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2

Reflected XSS on the network settings page

Tue, 19 Apr 2016 09:55:40 GMT

Previous versions contain a possible Cross-Site Scripting (XSS) exploit on the network settings page that can be exploited by hackers.

This vulnerability affects the following application versions:

WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2

SSRF Bypass using Octal & Hexedecimal IP addresses

Tue, 19 Apr 2016 09:55:40 GMT

Previous versions contain a possible Server Side Request Forgery (SSRF) exploit in the HTTP URL validator by using Octal & Hexedecimal IP addresses.

This vulnerability affects the following application versions:

WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2

Reflected XSS on the network settings page

Wed, 18 May 2016 14:33:03 GMT

Previous versions contain a possible Cross-Site Scripting (XSS) exploit on the network settings page that can be exploited by hackers.

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10

[20140224] Reflected file download vulnerability

Wed, 18 May 2016 14:33:03 GMT

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24

[20151207] Inadequate filtering of request data leads to a SQL injection vulnerability

Wed, 18 May 2016 14:33:03 GMT

Inadequate filtering of request data had led to a SQL injection vulnerability.

This vulnerability affects the following application versions:

Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6

[CVE-2016-3171] Session data truncation could lead to unserialization of user provided data

Wed, 18 May 2016 14:33:03 GMT

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18

[CVE-2016-3169] Saving user accounts could sometimes grant the user all roles

Wed, 18 May 2016 14:33:03 GMT

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9

[CVE-2016-3169] Saving user accounts could sometimes grant the user all roles

Wed, 29 Jun 2016 10:57:28 GMT

A hacker may acquire administrator rights using a custom Drupal module hat performs a form rebuild during submission of the user profile form.

Part of security release SA-CORE-2016-001

This vulnerability affects the following application versions:

Drupal 5.0
Drupal 5.1
Drupal 5.2
Drupal 5.3
Drupal 5.4
Drupal 5.5
Drupal 5.6
Drupal 5.7
Drupal 5.8
Drupal 5.9
Drupal 5.10
Drupal 5.11
Drupal 5.12
Drupal 5.13
Drupal 5.14
Drupal 5.15
Drupal 5.16
Drupal 5.17
Drupal 5.18
Drupal 5.19
Drupal 5.20
Drupal 5.21
Drupal 5.22
Drupal 5.23
Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43

[20160621] Redirect bypass in the customizer

Wed, 29 Jun 2016 10:57:28 GMT

Redirect bypass in the customizer.

https://wordpress.org/news/2016/06/wordpress-4-5-3/

This vulnerability affects the following application versions:

WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2

[20160621] Revision history information disclosure

Wed, 29 Jun 2016 10:57:28 GMT

Revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen.

https://codex.wordpress.org/Version_4.5.3

This vulnerability affects the following application versions:

WordPress 2.6
WordPress 2.6.1
WordPress 2.6.2
WordPress 2.6.3
WordPress 2.6.5
WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2

[20160621] Two different XSS problems via attachment names

Wed, 29 Jun 2016 10:57:28 GMT

Two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati

https://codex.wordpress.org/Version_4.5.3

This vulnerability affects the following application versions:

WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2

[20160621] Less secure santize_file_name edge case

Wed, 29 Jun 2016 10:57:28 GMT

Less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team

https://codex.wordpress.org/Version_4.5.3

This vulnerability affects the following application versions:

WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5.1
WordPress 4.5.2

[20160621] oEmbed Denial of Service

Wed, 29 Jun 2016 10:57:28 GMT

oEmbed denial of service reported by Jennifer Dodd from Automattic

https://wordpress.org/news/2016/06/wordpress-4-5-3/

This vulnerability affects the following application versions:

WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2

[20160621] Password change via stolen cookie

Wed, 29 Jun 2016 10:57:28 GMT

Password change via stolen cookie, reported by Michael Adams from the WordPress security team.

https://codex.wordpress.org/Version_4.5.3

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2

[20160621] Unauthorized category removal from a post

Thu, 30 Jun 2016 11:08:08 GMT

Unauthorized category removal from a post, reported by David Herrera from Alley Interactive

https://codex.wordpress.org/Version_4.5.3

This vulnerability affects the following application versions:

WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2

[SA-CONTRIB-2016-038] Remote code execution

Thu, 14 Jul 2016 10:03:11 GMT

The Webform Multifile File Upload module contains a Remote Code Execution (RCE) vulnerability where form inputs will be unserialized and a specially crafted form input may trigger arbitrary code execution depending on the libraries available on a site.

This vulnerability is mitigated by the fact that an attacker must have the ability to submit a Webform with a Multiple File Input field. Further, a site must have an object defined with methods that are invoked at wake/destroy that include code that can be leveraged for malicious purposes. Drupal 7 Core contains one such class which can be used to delete arbitrary files, but contributed or custom classes may include methods that can be leveraged for RCE.

This vulnerability affects the following application versions:

Drupal Module Webform Multifile 6.x-1.0
Drupal Module Webform Multifile 6.x-1.1
Drupal Module Webform Multifile 6.x-1.2
Drupal Module Webform Multifile 6.x-1.3
Drupal Module Webform Multifile 7.x-1.2
Drupal Module Webform Multifile 7.x-1.3

[SA-CONTRIB-2016-039] Arbitrary PHP code execution

Thu, 14 Jul 2016 10:03:11 GMT

The Coder module checks your Drupal code against coding standards and other best practices. It can also fix coding standard violations and perform basic upgrades on modules.

The module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary php code.

There are no mitigating factors. The module does not need to be enabled for this to be exploited. Its presence on the file system and being reachable from the web are sufficient.

This vulnerability affects the following application versions:

Drupal Module Coder 7.x-1.0
Drupal Module Coder 7.x-1.0-beta5
Drupal Module Coder 7.x-1.0-beta6
Drupal Module Coder 7.x-1.1
Drupal Module Coder 7.x-1.2
Drupal Module Coder 7.x-2.0
Drupal Module Coder 7.x-2.0-beta1
Drupal Module Coder 7.x-2.0-beta2
Drupal Module Coder 7.x-2.1
Drupal Module Coder 7.x-2.2
Drupal Module Coder 7.x-2.3
Drupal Module Coder 7.x-2.4
Drupal Module Coder 7.x-2.5
Drupal Module Coder 8.x-2.0-alpha1

[SA-CONTRIB-2016-040] Specially crafted requests allow arbitrary PHP execution

Thu, 14 Jul 2016 10:03:11 GMT

RESTWS alters the default page callbacks for entities to provide additional functionality.

A vulnerability in this approach allows an attacker to send specially crafted requests resulting in arbitrary PHP execution.

There are no mitigating factors. This vulnerability can be exploited by anonymous users.

This vulnerability affects the following application versions:

Drupal Module RESTWS 7.x-1.0
Drupal Module RESTWS 7.x-1.0-beta1
Drupal Module RESTWS 7.x-1.0-beta2
Drupal Module RESTWS 7.x-1.1
Drupal Module RESTWS 7.x-1.2
Drupal Module RESTWS 7.x-1.3
Drupal Module RESTWS 7.x-1.4
Drupal Module RESTWS 7.x-1.5
Drupal Module RESTWS 7.x-1.6
Drupal Module RESTWS 7.x-2.0
Drupal Module RESTWS 7.x-2.0-alpha1
Drupal Module RESTWS 7.x-2.0-alpha2
Drupal Module RESTWS 7.x-2.0-alpha3
Drupal Module RESTWS 7.x-2.0-alpha4
Drupal Module RESTWS 7.x-2.0-alpha5
Drupal Module RESTWS 7.x-2.1
Drupal Module RESTWS 7.x-2.2
Drupal Module RESTWS 7.x-2.3
Drupal Module RESTWS 7.x-2.4
Drupal Module RESTWS 7.x-2.5

[CVE-2016-5385] Guzzle library vulnerability allowed a hacker to set 3rd party proxy

Mon, 18 Jul 2016 19:05:16 GMT

Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker could provide a proxy server that Guzzle will use. The details of this are explained at https://httpoxy.org/.

Part of security release SA-CORE-2016-003

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6

[20160802] - XSS Vulnerability in mail component

Fri, 05 Aug 2016 10:36:02 GMT

Inadequate escaping leads to XSS vulnerability in mail component.

Part of security release: 3.6.1

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2

[20160801] ACL Violation - Inadequate ACL checks in com_content

Fri, 05 Aug 2016 10:36:02 GMT

Inadequate ACL checks in com_content had provided potential read access to data which should be access restricted to users with edit_own level.

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2

Cross-site scripting vulnerability via image filename

Thu, 08 Sep 2016 12:40:32 GMT

Hackers can abuse the file image upload filename to execute a "cross-site scripting" (XSS) attack.

This vulnerability affects the following application versions:

WordPress 2.5
WordPress 2.5.1
WordPress 2.6
WordPress 2.6.1
WordPress 2.6.2
WordPress 2.6.3
WordPress 2.6.5
WordPress 2.7
WordPress 2.7.1
WordPress 2.8
WordPress 2.8.1
WordPress 2.8.2
WordPress 2.8.3
WordPress 2.8.4
WordPress 2.8.5
WordPress 2.8.6
WordPress 2.9
WordPress 2.9.1
WordPress 2.9.2
WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.6

Path traversal vulnerability in the upgrade package uploader

Thu, 08 Sep 2016 12:40:32 GMT

A user that has access to the upgrader module can use a specially crafted filename to upload a file in different location.

This vulnerability affects the following application versions:

WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.6

[SA-CORE-2016-004] Cross-site Scripting in http exceptions

Thu, 22 Sep 2016 15:05:05 GMT

An attacker could create a specially crafted url, which could execute arbitrary code in the victim’s browser if loaded. Drupal was not properly sanitizing an exception

This vulnerability affects the following application versions:

Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9

[CVE-2016-7570] Users without "Administer comments" could set comment visibility on nodes they can edit

Thu, 22 Sep 2016 15:05:05 GMT

Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.

Part of security patch SA-CORE-2016-004

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9

[CVE-2016-7572] Full config export could be downloaded without administrative permissions

Thu, 22 Sep 2016 15:05:05 GMT

The system.temporary route would allow the download of a full config export. The full config export should be limited to those with Export configuration permission.

Part of security release SA-CORE-2016-004

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9

[20161001/20161002] - Account Creation/Elevated Privileges

Tue, 25 Oct 2016 15:24:44 GMT

Inadequate checks allows for users to register on a site when registration has been disabled.

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

CVE Number: CVE-2016-8870/CVE-2016-8869

Part of security release: 3.6.4

This vulnerability affects the following application versions:

Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3

Inconsistent name for term access query

Fri, 18 Nov 2016 11:54:09 GMT

Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing hook_query_alter() or hook_query_TAG_alter() in order to add additional conditions. Queries can be distinguished by means of query tags. As the documentation on EntityFieldQuery::addTag() suggests, access-tags on entity queries normally follow the form ENTITY_TYPE_access (e.g. node_access). However, the taxonomy module's access query tag predated this system and used term_access as the query tag instead of taxonomy_term_access.

As a result, before this security release modules wishing to restrict access to taxonomy terms may have implemented an unsupported tag, or needed to look for both tags (term_access and taxonomy_term_access) in order to be compatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. Otherwise information on taxonomy terms might have been disclosed to unprivileged users.

Part of security release SA-CORE-2016-005

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2

[CVE-2016-9451] Confirmation forms allowed external URLs to be injected

Fri, 18 Nov 2016 11:54:09 GMT

Under certain circumstances, malicious users could construct a URL to a confirmation form that would trick users into being redirected to a 3rd party website after interacting with the form, thereby exposing the users to potential social engineering attacks.

Part of security release SA-CORE-2016-005

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51

[CVE-2016-9450] Incorrect cache context on password reset page

Fri, 18 Nov 2016 11:54:09 GMT

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

Part of security release SA-CORE-2016-005

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2

[CVE-2016-9452] Denial of service via transliterate mechanism

Fri, 18 Nov 2016 11:54:09 GMT

A specially crafted URL could cause a denial of service via the transliterate mechanism.

Part of security release SA-CORE-2016-005

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2

[20161202] - Shell Upload

Wed, 14 Dec 2016 15:36:25 GMT

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

CVE Number: CVE-2016-9836

Part of security release: 3.6.5

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4

[20161201] Elevated Privileges

Wed, 14 Dec 2016 15:36:25 GMT

Incorrect use of unfiltered data stored to the session on a form validation failure had allowed for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

CVE Number: CVE-2016-9838

Part of security release: 3.6.5

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4

[20161203] Information disclosure

Wed, 14 Dec 2016 15:36:25 GMT

Inadequate ACL checks in the Beez3 com_content article layout override had enabled a user to view restricted content.

This vulnerability affects the following application versions:

Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4

[CVE-2016-10033] Remote Code Execution in PHPMailer

Tue, 27 Dec 2016 14:27:40 GMT

An independent researcher uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.

This vulnerability affects the following application versions:

WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[CVE-2016-10033] Remote Code Execution

Tue, 27 Dec 2016 14:27:40 GMT

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
ownCloud 7.0.0
ownCloud 7.0.1
ownCloud 7.0.2
ownCloud 7.0.3
ownCloud 7.0.4
ownCloud 7.0.5
ownCloud 7.0.6
ownCloud 7.0.7
ownCloud 7.0.8
ownCloud 7.0.10
ownCloud 7.0.11
ownCloud 7.0.12
ownCloud 8.0.0
ownCloud 8.0.2
ownCloud 8.0.3
ownCloud 8.0.4
ownCloud 8.0.5
ownCloud 8.0.6
ownCloud 8.0.8
ownCloud 8.0.9
ownCloud 8.0.10
LimeSurvey 1.1.0
LimeSurvey 2.05+140730
LimeSurvey 2.05+140811
LimeSurvey 2.05+140821
LimeSurvey 2.05+140902
LimeSurvey 2.05+140911
LimeSurvey 2.05+140915
LimeSurvey 2.05+141003
LimeSurvey 2.05+141020
LimeSurvey 2.05+141109
LimeSurvey 2.05+141110
LimeSurvey 2.05+141113
LimeSurvey 2.05+141123
LimeSurvey 2.05+141126
LimeSurvey 2.05+141210
LimeSurvey 2.05+141229
LimeSurvey 2.05+150211
LimeSurvey 2.05+150310
LimeSurvey 2.05+150413
LimeSurvey 2.05+150508
LimeSurvey 2.05+150520
LimeSurvey 2.06+150611
LimeSurvey 2.06+150612
LimeSurvey 2.06+150619
LimeSurvey 2.06+150629
LimeSurvey 2.06+150723
LimeSurvey 2.06+150730
LimeSurvey 2.06+150731
LimeSurvey 2.06+150824
LimeSurvey 2.06+150831
LimeSurvey 2.06+151016
LimeSurvey 2.06+151018
LimeSurvey 2.06+151109
LimeSurvey 2.06+151126
LimeSurvey 2.06+151205
LimeSurvey 2.06+151215
LimeSurvey 2.06+160123
LimeSurvey 2.06+160129
LimeSurvey 2.06+150729
LimeSurvey 2.06+150812
LimeSurvey 2.06+150825
LimeSurvey 2.06+150911
LimeSurvey 2.06+150930
LimeSurvey 2.06+151014
LimeSurvey 2.06+160121
LimeSurvey 2.06RC1
LimeSurvey 2.06RC2
LimeSurvey 2.50.1
LimeSurvey 2.50+160202
LimeSurvey 2.50+160204
LimeSurvey 2.50+160206
LimeSurvey 2.50+160210
LimeSurvey 2.50+160212
LimeSurvey 2.50+160215
LimeSurvey 2.50+160216
LimeSurvey 2.50+160218
LimeSurvey 2.50+160219
LimeSurvey 2.50+160222
LimeSurvey 2.50+160223
LimeSurvey 2.50+160225
LimeSurvey 2.50+160228
LimeSurvey 2.50+160307
LimeSurvey 2.50+160308
LimeSurvey 2.50+160311
LimeSurvey 2.50+160316
LimeSurvey 2.50+160401
LimeSurvey 2.50+160404
LimeSurvey 2.50+160405
LimeSurvey 2.50+160411
LimeSurvey 2.50+160413
LimeSurvey 2.50+160414
LimeSurvey 2.50+160415
LimeSurvey 2.50+160418
LimeSurvey 2.50+160421
LimeSurvey 2.50+160428
LimeSurvey 2.50+160430
LimeSurvey 2.50+160504
LimeSurvey 2.50+160506
LimeSurvey 2.50+160512
LimeSurvey 2.50+160517
LimeSurvey 2.50+160523
LimeSurvey 2.50+160526
LimeSurvey 2.50+160602
LimeSurvey 2.50+160606
LimeSurvey 2.50+160613
LimeSurvey 2.50+160614
LimeSurvey 2.50+160616
LimeSurvey 2.50+160620
LimeSurvey 2.50+160715
LimeSurvey 2.50+160718
LimeSurvey 2.50+160726
LimeSurvey 2.50+160731
LimeSurvey 2.50+160804
LimeSurvey 2.50+160816
LimeSurvey 2.50+160817
LimeSurvey 2.50+160213
LimeSurvey 2.50+160217
LimeSurvey 2.50+160309
LimeSurvey 2.50+160310
LimeSurvey 2.50+160314
LimeSurvey 2.50+160317
LimeSurvey 2.50+160323
LimeSurvey 2.50+160330
LimeSurvey 2.50+160407
LimeSurvey 2.50+160408
LimeSurvey 2.50+160412
LimeSurvey 2.50+160425
LimeSurvey 2.50+160426
LimeSurvey 2.50+160503
LimeSurvey 2.50+160516
LimeSurvey 2.50+160525
LimeSurvey 2.50+160529
LimeSurvey 2.50+160603
LimeSurvey 2.50+160714
LimeSurvey 2.50+160725
LimeSurvey 2.50+160727
LimeSurvey 2.50+160728
LimeSurvey 2.50+160810
LimeSurvey 2.50+160812
LimeSurvey 2.50RC1
LimeSurvey 2.50RC2
LimeSurvey 2.50RC3
LimeSurvey 2.50RC4
LimeSurvey 2.50RC5
LimeSurvey 2.50RC6
LimeSurvey 2.50RC7
LimeSurvey 2.50RC8
LimeSurvey 2.51.0
LimeSurvey 2.51.1
LimeSurvey 2.51.2
LimeSurvey 2.51.3
LimeSurvey 2.51.4
LimeSurvey 2.51.4+160908
LimeSurvey 2.52+160929
LimeSurvey 2.53+161004
LimeSurvey 2.54.1+161010
LimeSurvey 2.54+161007
LimeSurvey 2.54.2+161012
LimeSurvey 2.54.3+161014
LimeSurvey 2.54.4+161018
LimeSurvey 2.54.5+161019
LimeSurvey 2.55.1+161026
LimeSurvey 2.55+161021
LimeSurvey 2.55.2+161103
LimeSurvey 2.55.3+161111
LimeSurvey 2.56.1+161118
LimeSurvey 2.56+161117
LimeSurvey 2.57.0+161202
LimeSurvey 2.57.1+161205
MODX 2.3.0-pl
MODX 2.3.1-pl
MODX 2.3.2-pl
MODX 2.3.3-pl
MODX 2.3.4-pl
MODX 2.3.5-pl
MODX 2.3.6-pl
MODX 2.4.0-pl
MODX 2.4.1-pl
MODX 2.4.2-pl
MODX 2.4.3-pl
MODX 2.4.4-pl
MODX 2.5.0-pl
MODX 2.5.1-pl
MODX 2.5.2-pl
Booked 2.6
phpList 3.0.9
phpList 3.0.10
phpList 3.0.11
phpList 3.0.12
phpList 3.2.0
phpList 3.2.1
phpList 3.2.2
phpList 3.2.3
phpList 3.2.4
phpList 3.2.5
phpList 3.2.6
XOOPS 2.5.8
XOOPS 2.5.8-beta1
XOOPS 2.5.8-rc1
XOOPS 2.5.8-rc2
XOOPS 2.5.8-rc3
PHPMailer 5.0.0
PHPMailer 5.0.2
PHPMailer 5.1
PHPMailer 5.1.0
PHPMailer 5.2.4
PHPMailer 5.2.5
PHPMailer 5.2.6
PHPMailer 5.2.7
PHPMailer 5.2.8
PHPMailer 5.2.9
PHPMailer 5.2.10
PHPMailer 5.2.11
PHPMailer 5.2.12
PHPMailer 5.2.13
PHPMailer 5.2.14
PHPMailer 5.2.15
PHPMailer 5.2.16
PHPMailer 5.2.17

[CVE-2016-10045] Remote Code Execution

Wed, 28 Dec 2016 17:00:51 GMT

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
ownCloud 7.0.0
ownCloud 7.0.1
ownCloud 7.0.2
ownCloud 7.0.3
ownCloud 7.0.4
ownCloud 7.0.5
ownCloud 7.0.6
ownCloud 7.0.7
ownCloud 7.0.8
ownCloud 7.0.10
ownCloud 7.0.11
ownCloud 7.0.12
ownCloud 8.0.0
ownCloud 8.0.2
ownCloud 8.0.3
ownCloud 8.0.4
ownCloud 8.0.5
ownCloud 8.0.6
ownCloud 8.0.8
ownCloud 8.0.9
ownCloud 8.0.10
LimeSurvey 1.1.0
LimeSurvey 2.05+140730
LimeSurvey 2.05+140811
LimeSurvey 2.05+140821
LimeSurvey 2.05+140902
LimeSurvey 2.05+140911
LimeSurvey 2.05+140915
LimeSurvey 2.05+141003
LimeSurvey 2.05+141020
LimeSurvey 2.05+141109
LimeSurvey 2.05+141110
LimeSurvey 2.05+141113
LimeSurvey 2.05+141123
LimeSurvey 2.05+141126
LimeSurvey 2.05+141210
LimeSurvey 2.05+141229
LimeSurvey 2.05+150211
LimeSurvey 2.05+150310
LimeSurvey 2.05+150413
LimeSurvey 2.05+150508
LimeSurvey 2.05+150520
LimeSurvey 2.06+150611
LimeSurvey 2.06+150612
LimeSurvey 2.06+150619
LimeSurvey 2.06+150629
LimeSurvey 2.06+150723
LimeSurvey 2.06+150730
LimeSurvey 2.06+150731
LimeSurvey 2.06+150824
LimeSurvey 2.06+150831
LimeSurvey 2.06+151016
LimeSurvey 2.06+151018
LimeSurvey 2.06+151109
LimeSurvey 2.06+151126
LimeSurvey 2.06+151205
LimeSurvey 2.06+151215
LimeSurvey 2.06+160123
LimeSurvey 2.06+160129
LimeSurvey 2.06+150729
LimeSurvey 2.06+150812
LimeSurvey 2.06+150825
LimeSurvey 2.06+150911
LimeSurvey 2.06+150930
LimeSurvey 2.06+151014
LimeSurvey 2.06+160121
LimeSurvey 2.06RC1
LimeSurvey 2.06RC2
LimeSurvey 2.50.1
LimeSurvey 2.50+160202
LimeSurvey 2.50+160204
LimeSurvey 2.50+160206
LimeSurvey 2.50+160210
LimeSurvey 2.50+160212
LimeSurvey 2.50+160215
LimeSurvey 2.50+160216
LimeSurvey 2.50+160218
LimeSurvey 2.50+160219
LimeSurvey 2.50+160222
LimeSurvey 2.50+160223
LimeSurvey 2.50+160225
LimeSurvey 2.50+160228
LimeSurvey 2.50+160307
LimeSurvey 2.50+160308
LimeSurvey 2.50+160311
LimeSurvey 2.50+160316
LimeSurvey 2.50+160401
LimeSurvey 2.50+160404
LimeSurvey 2.50+160405
LimeSurvey 2.50+160411
LimeSurvey 2.50+160413
LimeSurvey 2.50+160414
LimeSurvey 2.50+160415
LimeSurvey 2.50+160418
LimeSurvey 2.50+160421
LimeSurvey 2.50+160428
LimeSurvey 2.50+160430
LimeSurvey 2.50+160504
LimeSurvey 2.50+160506
LimeSurvey 2.50+160512
LimeSurvey 2.50+160517
LimeSurvey 2.50+160523
LimeSurvey 2.50+160526
LimeSurvey 2.50+160602
LimeSurvey 2.50+160606
LimeSurvey 2.50+160613
LimeSurvey 2.50+160614
LimeSurvey 2.50+160616
LimeSurvey 2.50+160620
LimeSurvey 2.50+160715
LimeSurvey 2.50+160718
LimeSurvey 2.50+160726
LimeSurvey 2.50+160731
LimeSurvey 2.50+160804
LimeSurvey 2.50+160816
LimeSurvey 2.50+160817
LimeSurvey 2.50+160213
LimeSurvey 2.50+160217
LimeSurvey 2.50+160309
LimeSurvey 2.50+160310
LimeSurvey 2.50+160314
LimeSurvey 2.50+160317
LimeSurvey 2.50+160323
LimeSurvey 2.50+160330
LimeSurvey 2.50+160407
LimeSurvey 2.50+160408
LimeSurvey 2.50+160412
LimeSurvey 2.50+160425
LimeSurvey 2.50+160426
LimeSurvey 2.50+160503
LimeSurvey 2.50+160516
LimeSurvey 2.50+160525
LimeSurvey 2.50+160529
LimeSurvey 2.50+160603
LimeSurvey 2.50+160714
LimeSurvey 2.50+160725
LimeSurvey 2.50+160727
LimeSurvey 2.50+160728
LimeSurvey 2.50+160810
LimeSurvey 2.50+160812
LimeSurvey 2.50RC1
LimeSurvey 2.50RC2
LimeSurvey 2.50RC3
LimeSurvey 2.50RC4
LimeSurvey 2.50RC5
LimeSurvey 2.50RC6
LimeSurvey 2.50RC7
LimeSurvey 2.50RC8
LimeSurvey 2.51.0
LimeSurvey 2.51.1
LimeSurvey 2.51.2
LimeSurvey 2.51.3
LimeSurvey 2.51.4
LimeSurvey 2.51.4+160908
LimeSurvey 2.52+160929
LimeSurvey 2.53+161004
LimeSurvey 2.54.1+161010
LimeSurvey 2.54+161007
LimeSurvey 2.54.2+161012
LimeSurvey 2.54.3+161014
LimeSurvey 2.54.4+161018
LimeSurvey 2.54.5+161019
LimeSurvey 2.55.1+161026
LimeSurvey 2.55+161021
LimeSurvey 2.55.2+161103
LimeSurvey 2.55.3+161111
LimeSurvey 2.56.1+161118
LimeSurvey 2.56+161117
LimeSurvey 2.57.0+161202
LimeSurvey 2.57.1+161205
LimeSurvey 2.58.0+170104
MODX 2.3.0-pl
MODX 2.3.1-pl
MODX 2.3.2-pl
MODX 2.3.3-pl
MODX 2.3.4-pl
MODX 2.3.5-pl
MODX 2.3.6-pl
MODX 2.4.0-pl
MODX 2.4.1-pl
MODX 2.4.2-pl
MODX 2.4.3-pl
MODX 2.4.4-pl
MODX 2.5.0-pl
MODX 2.5.1-pl
MODX 2.5.2-pl
Booked 2.6
phpList 3.0.9
phpList 3.0.10
phpList 3.0.11
phpList 3.0.12
phpList 3.2.0
phpList 3.2.1
phpList 3.2.2
phpList 3.2.3
phpList 3.2.4
phpList 3.2.5
phpList 3.2.6
XOOPS 2.5.8
XOOPS 2.5.8-beta1
XOOPS 2.5.8-rc1
XOOPS 2.5.8-rc2
XOOPS 2.5.8-rc3
PHPMailer 5.0.0
PHPMailer 5.0.2
PHPMailer 5.1
PHPMailer 5.1.0
PHPMailer 5.2.4
PHPMailer 5.2.5
PHPMailer 5.2.6
PHPMailer 5.2.7
PHPMailer 5.2.8
PHPMailer 5.2.9
PHPMailer 5.2.10
PHPMailer 5.2.11
PHPMailer 5.2.12
PHPMailer 5.2.13
PHPMailer 5.2.14
PHPMailer 5.2.15
PHPMailer 5.2.16
PHPMailer 5.2.17
PHPMailer 5.2.18
PHPMailer 5.2.19

[CVE-2016-10045] Remote Code Execution in PHPMailer

Wed, 28 Dec 2016 17:00:51 GMT

This vulnerability affects the following application versions:

WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] Weak cryptography security for multisite activation key

Thu, 12 Jan 2017 13:11:58 GMT

The activation key for multisite installations is not fully random. The predictable nature of this key weakens its cryptographical properties and allows potential information disclosure.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] Cross-site request forgery (CSRF) bypass via uploading a Flash file

Thu, 12 Jan 2017 13:11:58 GMT

Cross-site request forgery (CSRF) bypass via uploading a Flash file

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] Cross-site scripting (XSS) via theme name fallback

Thu, 12 Jan 2017 13:11:58 GMT

Inadequate escaping in the theme name fallback leads to a XSS vulnerability which can be abused by attackers to execute malicious code.

This vulnerability affects the following application versions:

WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] Cross-site scripting (XSS) via the plugin name or version header on update-core.php

Thu, 12 Jan 2017 13:11:58 GMT

Cross-site scripting (XSS) via the plugin name or version header on update-core.php

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] Post via email checks mail.example.com if default settings aren’t changed

Thu, 12 Jan 2017 13:11:58 GMT

Post via email checks mail.example.com if the default settings aren't changed, which can be abused by attacks to add posts.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] CSRF in accessibility mode of widget edit page

Thu, 12 Jan 2017 13:11:58 GMT

The accessibility mode of the widget edit page has a simple cross-site request forgery vulnerability due to the lack of a nonce check.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.6
WordPress 4.6.1
WordPress 4.7

[20170112] Public posts disclose user information through the REST API

Thu, 12 Jan 2017 13:11:58 GMT

The REST API exposes user data for all users who had authored a post of a public post type. The patch limits this to only post types which have specified that they should be shown within the REST API.

This vulnerability affects the following application versions:

WordPress 4.7

[20170126] WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data

Mon, 30 Jan 2017 12:29:37 GMT

WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.7
WordPress 4.7.1

[20170126] The user interface for assigning taxonomy terms in "Press This" is shown to users who do not have permissions to use it

Mon, 30 Jan 2017 12:29:37 GMT

WordPress's "Press This" contains an exploit that allows users to add taxonomy terms, even if they do not have permissions to do so.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.7
WordPress 4.7.1

[20170126] The post list table is vulnerable to a cross-site scripting (XSS) attack

Mon, 30 Jan 2017 12:29:37 GMT

A cross-site scripting (XSS) vulnerability was discovered in the posts list table which allows hackers to inject malicious code.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.7
WordPress 4.7.1

[20170306] Cross-site request forgery (CSRF) in Press This leading to denial-of-service

Wed, 08 Mar 2017 16:37:16 GMT

A Cross-Site Request Forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS) condition if an authenticated administrator visits a malicious URL.

This vulnerability affects the following application versions:

WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2

[20170306] Cross-site scripting (XSS) via taxonomy term names

Wed, 08 Mar 2017 16:37:16 GMT

The name of a taxonomy term was left out of cross-site scripting prevention.

This vulnerability affects the following application versions:

WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2

[20170306] Cross-site scripting (XSS) via media file metadata

Wed, 08 Mar 2017 16:37:16 GMT

WordPress versions 4.7.2 and earlier contain a Cross-site scripting (XSS) vulnerability in the media file metadata which can be exploited by hackers.

This vulnerability affects the following application versions:

WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.7.28
WordPress 3.7.29
WordPress 3.7.30
WordPress 3.7.31
WordPress 3.7.32
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.8.28
WordPress 3.8.29
WordPress 3.8.30
WordPress 3.8.31
WordPress 3.8.32
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 3.9.26
WordPress 3.9.27
WordPress 3.9.28
WordPress 3.9.29
WordPress 3.9.30
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.0.25
WordPress 4.0.26
WordPress 4.0.27
WordPress 4.0.28
WordPress 4.0.29
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.1.25
WordPress 4.1.26
WordPress 4.1.27
WordPress 4.1.28
WordPress 4.1.29
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.2.22
WordPress 4.2.23
WordPress 4.2.24
WordPress 4.2.25
WordPress 4.2.26
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.3.18
WordPress 4.3.19
WordPress 4.3.20
WordPress 4.3.21
WordPress 4.3.22
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2

[20170306] Unintended files could be deleted by administrators using the plugin deletion functionality

Wed, 08 Mar 2017 16:37:16 GMT

Part of security release WordPress 4.7.3.

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2

[20170306] Cross-site scripting via video URL in YouTube embeds

Wed, 08 Mar 2017 16:37:16 GMT

The use of YouTube video URLs allows cross-site scripting.

This vulnerability affects the following application versions:

WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2

[20170306] Control characters can trick redirect URL validation

Wed, 08 Mar 2017 16:37:16 GMT

The use of special control characters in a redirect URL can circumvent the URL validation.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2

[CVE-2017-6379] Some admin paths were not protected with a CSRF token

Thu, 16 Mar 2017 13:41:48 GMT

Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

Part of security release SA-CORE-2017-001

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6

[CVE-2017-6377] Editor module incorrectly checked access to inline private files

Thu, 16 Mar 2017 13:41:48 GMT

When added a private file via a configured text editor (like CKEditor), the editor would not correctly check access for the file being attached, resulted in an access bypass.

Part of security patch SA-CORE-2017-001

This vulnerability affects the following application versions:

Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6

[CVE-2017-6919] Access bypass RESTful Web Services

Wed, 19 Apr 2017 19:50:22 GMT

This was a critical access bypass vulnerability. A site was only affected by this when the following conditions were met:

- The site has the RESTful Web Services (rest) module enabled.
- The site allows PATCH requests.
- An attacker can get or register a user account on the site.

Part of security release SA-CORE-2017-002

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.3.0

Changed filter for $taxonomies parameter

Mon, 24 Apr 2017 09:01:32 GMT

Part of WordPress release 4.7.4

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.4
WordPress 4.4.1
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3

[20170401] Information disclosure

Tue, 02 May 2017 13:44:30 GMT

Mail sent using the JMail API had leaked the used PHPMailer version in the mail headers.

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4

[20170402] - XSS in the template manager component

Tue, 02 May 2017 13:44:30 GMT

Inadequate filtering leads to XSS in the template manager component.

CVE-2017-7984

Part of security release: 3.7.0

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5

[20170403] - XSS vulnerabilities in various components

Tue, 02 May 2017 13:44:30 GMT

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

CVE-2017-7985

Part of security release: 3.7.0

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5

[20170405] - XSS vulnerabilities in the template manager component

Tue, 02 May 2017 13:44:30 GMT

Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

CVE-2017-7987

Part of security release: 3.7.0

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5

[20170406] ACL Violations

Tue, 02 May 2017 13:44:30 GMT

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents had allowed overwriting the author of an article.

Part of patch Joomla 3.7.

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4

[20170408] Information Disclosure

Tue, 02 May 2017 13:44:30 GMT

Multiple files had caused full path disclosures on systems with enabled error reporting.

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4

[20170404] - XSS vulnerabilities in various components

Tue, 09 May 2017 07:32:39 GMT

Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

CVE-2017-7986

Part of security release: 3.7.0

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4

[20170501]Inadequate filtering of request data

Thu, 18 May 2017 08:10:17 GMT

Inadequate filtering of request data had led to a SQL Injection vulnerability.

Part of release 3.7.1.

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2

Insufficient redirect validation in the HTTP class

Thu, 18 May 2017 15:36:20 GMT

Part of release 4.7.5

This vulnerability affects the following application versions:

WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4

[20170516] Improper handling of post meta data values in the XML-RPC API

Thu, 18 May 2017 15:36:20 GMT

Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Part of Wordpress release 4.7.5.

https://github.com/WordPress/WordPress/commit/031cbb0548fcf0212b8f8136fdba0e9d119f7b84

This vulnerability affects the following application versions:

WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4

A cross-site scripting (XSS) vulnerability was discovered related to the Customizer

Thu, 18 May 2017 15:36:20 GMT

Part of release 4.7.5

https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3

This vulnerability affects the following application versions:

WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4

Cross Site Request Forgery (CSRF) vulnerability in filesystem credentials dialog

Thu, 18 May 2017 15:36:20 GMT

A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4

Cross-site scripting (XSS) vulnerability when uploading very large files

Thu, 18 May 2017 15:36:20 GMT

A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.

This vulnerability affects the following application versions:

WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4

[20170516] Lack of capability checks for post meta data in the XML-RPC API

Thu, 18 May 2017 15:36:20 GMT

Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
Files:
* wp-includes/class-wp-xmlrpc-server.php

https://github.com/WordPress/WordPress/commit/0f3180de0203cc6874dafdd713c4b8e8880e2d10

Part of release 4.7.5

This vulnerability affects the following application versions:

WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4

[CVE-2017-6920] PECL YAML parser unsafe object handling

Thu, 22 Jun 2017 10:50:51 GMT

PECL YAML parser did not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution.

Part of security release SA-CORE-2017-003

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3

[CVE-2017-6922] Files uploaded by anonymous users into a private file system could be accessed by other anonymous users

Thu, 22 Jun 2017 10:50:51 GMT

Private files that had been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system.

Part of security release SA-CORE-2017-003

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3

[CVE-2017-6921] File REST resource does not properly validate

Thu, 22 Jun 2017 10:50:51 GMT

The file REST resource did not properly validate some fields when manipulating files. A site was only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Part of security release SA-CORE-2017-003

This vulnerability affects the following application versions:

Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3

[20170701] Information Disclosure

Wed, 05 Jul 2017 08:55:30 GMT

Improper cache invalidation had led to disclosure of form contents.

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2

[20170702] - Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

Wed, 05 Jul 2017 09:42:37 GMT

Missing CSRF token checks and improper input validation lead to an XSS vulnerability.

CVE-2017-9934

Part of security release: 3.7.3

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2

[20170703] - Inadequate filtering of multibyte characters lead to XSS vulnerabilities in various components

Wed, 05 Jul 2017 09:42:37 GMT

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

CVE-2017-7985

Part of security release: 3.7.3

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2

[20170704] Installer: Lack of Ownership Verification

Wed, 26 Jul 2017 12:38:03 GMT

The CMS installer application had lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4-rc1

[20170705] - XSS vulnerabilities in various components

Wed, 26 Jul 2017 12:38:03 GMT

Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

CVE-2017-11612

Part of security release: 3.7.4

This vulnerability affects the following application versions:

Joomla 1.5.0
Joomla 1.5.1
Joomla 1.5.2
Joomla 1.5.3
Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4-rc1

[CVE-2017-6925] Entity access bypass for entities that did not have UUIDs or had protected revisions

Thu, 17 Aug 2017 10:49:40 GMT

There was a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affected entities that did not use or did not have UUIDs, and entities that had different access restrictions on different revisions of the same entity.

Part of security release SA-CORE-2017-004

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6

[CVE-2017-6923] Views access bypass

Thu, 17 Aug 2017 10:49:40 GMT

When created a view, you could optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view.

It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.

Part of security release SA-CORE-2017-004

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6

[CVE-2017-6924] REST API could bypass comment approval

Thu, 17 Aug 2017 10:49:40 GMT

When using the REST API, users without the correct permission could post comments via REST that were approved even if the user did not have permission to post approved comments.

This issue only affected sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker could access a user account on the site with permissions to post comments, or where anonymous users could post comments.

Part of security release SA-CORE-2017-004

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6

XSS vulnerability in plugin editor

Fri, 22 Sep 2017 06:10:43 GMT

A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

[20170920] An open redirect was discovered on the user and term edit screens

Fri, 22 Sep 2017 06:10:43 GMT

An open redirect was discovered on the user and term edit screens.. The button "Back to Users" in the users and term page in the admin admin redirects to the HTTP referrer address without verification.

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

XSS vulnerability in oEmbed

Fri, 22 Sep 2017 06:10:43 GMT

A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.

This vulnerability affects the following application versions:

WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

XSS vulnerability in template names

Fri, 22 Sep 2017 06:10:43 GMT

A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

XSS vulnerability in the visual editor

Fri, 22 Sep 2017 06:10:43 GMT

A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.

This vulnerability affects the following application versions:

WordPress 4.8.1

[20170901] Logic bug in SQL query could lead to information disclosure

Fri, 22 Sep 2017 06:10:43 GMT

A logic bug in a SQL query had led to the disclosure of article intro texts when these articles were in the archived state.

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0-rc1

Path traversal vulnerability in the customizer

Fri, 22 Sep 2017 06:10:43 GMT

A path traversal vulnerability was discovered in the customizer.

This vulnerability affects the following application versions:

WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.7.28
WordPress 3.7.29
WordPress 3.7.30
WordPress 3.7.31
WordPress 3.7.32
WordPress 3.7.33
WordPress 3.7.34
WordPress 3.7.35
WordPress 3.7.36
WordPress 3.7.37
WordPress 3.7.38
WordPress 3.7.39
WordPress 3.7.40
WordPress 3.7.41
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.8.28
WordPress 3.8.29
WordPress 3.8.30
WordPress 3.8.31
WordPress 3.8.32
WordPress 3.8.33
WordPress 3.8.34
WordPress 3.8.35
WordPress 3.8.36
WordPress 3.8.37
WordPress 3.8.38
WordPress 3.8.39
WordPress 3.8.40
WordPress 3.8.41
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 3.9.26
WordPress 3.9.27
WordPress 3.9.28
WordPress 3.9.29
WordPress 3.9.30
WordPress 3.9.31
WordPress 3.9.32
WordPress 3.9.33
WordPress 3.9.34
WordPress 3.9.35
WordPress 3.9.36
WordPress 3.9.37
WordPress 3.9.39
WordPress 3.9.40
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.0.25
WordPress 4.0.26
WordPress 4.0.27
WordPress 4.0.28
WordPress 4.0.29
WordPress 4.0.30
WordPress 4.0.31
WordPress 4.0.32
WordPress 4.0.33
WordPress 4.0.34
WordPress 4.0.35
WordPress 4.0.36
WordPress 4.0.37
WordPress 4.0.38
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.1.25
WordPress 4.1.26
WordPress 4.1.27
WordPress 4.1.28
WordPress 4.1.29
WordPress 4.1.30
WordPress 4.1.31
WordPress 4.1.32
WordPress 4.1.33
WordPress 4.1.34
WordPress 4.1.35
WordPress 4.1.36
WordPress 4.1.37
WordPress 4.1.38
WordPress 4.1.39
WordPress 4.1.40
WordPress 4.1.41
WordPress 4.1.42
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.2.22
WordPress 4.2.23
WordPress 4.2.24
WordPress 4.2.25
WordPress 4.2.26
WordPress 4.2.27
WordPress 4.2.28
WordPress 4.2.29
WordPress 4.2.30
WordPress 4.2.31
WordPress 4.2.32
WordPress 4.2.33
WordPress 4.2.34
WordPress 4.2.35
WordPress 4.2.36
WordPress 4.2.37
WordPress 4.2.38
WordPress 4.2.39
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.3.18
WordPress 4.3.19
WordPress 4.3.20
WordPress 4.3.21
WordPress 4.3.22
WordPress 4.3.23
WordPress 4.3.24
WordPress 4.3.25
WordPress 4.3.26
WordPress 4.3.27
WordPress 4.3.28
WordPress 4.3.29
WordPress 4.3.30
WordPress 4.3.31
WordPress 4.3.32
WordPress 4.3.33
WordPress 4.3.34
WordPress 4.3.35
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

Unsafe queries can lead to potential SQL injection

Fri, 22 Sep 2017 06:10:43 GMT

$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but added hardening to prevent plugins and themes from accidentally causing a vulnerability.

This vulnerability affects the following application versions:

WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

Path traversal vulnerability in file unzipping

Fri, 22 Sep 2017 06:10:43 GMT

A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

[20170902] LDAP Information Disclosure

Fri, 22 Sep 2017 07:53:18 GMT

Inadequate escaping in the LDAP authentication plugin had resulted into a disclosure of username and password.

This vulnerability affects the following application versions:

Joomla 1.5.4
Joomla 1.5.5
Joomla 1.5.6
Joomla 1.5.7
Joomla 1.5.8
Joomla 1.5.9
Joomla 1.5.10
Joomla 1.5.11
Joomla 1.5.12
Joomla 1.5.13
Joomla 1.5.14
Joomla 1.5.15
Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0-rc1

[20170920] A cross-site scripting (XSS) vulnerability was discovered in the link modal

Fri, 22 Sep 2017 07:53:18 GMT

A cross-site scripting (XSS) vulnerability was discovered in the link modal. Wordpress link preview may allow adversaries to display crafted URLs that contain JavaScript code or URLs to sites that can manipulate the origin page through `window.opener` browser DOM property.

This vulnerability affects the following application versions:

WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.8
WordPress 4.8.1

[20171031] Changed behaviour of esc_sql() in WordPress 4.8.3

Wed, 01 Nov 2017 10:17:21 GMT

WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.

This vulnerability affects the following application versions:

WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2

[20171102] 2-factor-authentication bypass

Thu, 09 Nov 2017 14:45:59 GMT

A bug had allowed third parties to bypass a user's 2-factor-authentication method.

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2-rc

[20171101] Inadequate escaping in the LDAP authentication plugin

Thu, 09 Nov 2017 14:45:59 GMT

Inadequate escaping in the LDAP authentication plugin had resulted in disclosure of username and password.

CVE Number: CVE-2017-14596.

This vulnerability affects the following application versions:

Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2-rc

[20171103] Logic bug in com_fields exposed read-only information

Thu, 09 Nov 2017 14:45:59 GMT

A logic bug in com_fields had exposed read-only information about a site's custom fields to unauthorized users.

CVE Number: CVE-2017-16633.

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2-rc

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability

Thu, 30 Nov 2017 10:49:30 GMT

Missing input validation allowed users to upload JavaScript files, even when they did not have the unfiltered_html capability.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.9

Escaping added to the language attributes used on html elements

Thu, 30 Nov 2017 10:49:30 GMT

Added escaping to language attributes in the general template.

https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.9

Use a properly generated hash for the newbloguser key instead of a determinate substring

Thu, 30 Nov 2017 10:49:30 GMT

The new blog user hash that is generated is a determinate substring, allowing an attacker to calculate the hash.

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.9

[20171130] Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom

Thu, 30 Nov 2017 10:49:30 GMT

Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

https://core.trac.wordpress.org/changeset/42260

This vulnerability affects the following application versions:

WordPress 3.0
WordPress 3.0.1
WordPress 3.0.2
WordPress 3.0.3
WordPress 3.0.4
WordPress 3.0.5
WordPress 3.0.6
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.1.4
WordPress 3.2
WordPress 3.2.1
WordPress 3.3
WordPress 3.3.1
WordPress 3.3.2
WordPress 3.3.3
WordPress 3.4
WordPress 3.4.1
WordPress 3.4.2
WordPress 3.5
WordPress 3.5.1
WordPress 3.5.2
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.9

[APPSEC-996] Customer information leak via RSS and privilege escalation

Mon, 11 Dec 2017 19:10:48 GMT

Improper check for authorized URL leads to customer information leak (order information, order IDs, customer name). Leaked information simplifies attack on guest Order Review, which exposes customer email, shipping and billing address. In some areas, the same underlying issue can lead to privilege escalation for Admin accounts.

Part of patch SUPEE-6285

This vulnerability affects the following application versions:

Magento 1.4.0.0
Magento 1.4.0.1
Magento 1.4.1.0
Magento 1.4.1.1
Magento 1.4.2.0
Magento 1.5.0.1
Magento 1.5.1.0
Magento 1.6.0.0
Magento 1.6.1.0
Magento 1.6.2.0
Magento 1.7.0.0
Magento 1.7.0.1
Magento 1.7.0.2
Magento 1.8.0.0
Magento 1.8.1.0
Magento 1.9.0.0
Magento 1.9.0.1
Magento 1.9.1.0
Magento 1.9.1.1

[SUPEE 1533] An attacker could execute arbitrary code on Magento server

Mon, 11 Dec 2017 19:10:48 GMT

2 Identified potential exploits were discovered that could:

1. Enable an attacker to execute arbitrary code on a Magento server.
2. Create files with a .csv extension, create writable directories, and change the permission of existing files to world-writable (777).

Creating files with a .csv extension could lead to executing files like php.csv (only under certain circumstances). The ability to run code with a .csv extension is dangerous itself and could be combined with other attacks; for example, targeting other software installed on the server.

This vulnerability affects the following application versions:

Magento 1.4.0.0
Magento 1.4.0.1
Magento 1.4.1.0
Magento 1.4.1.1
Magento 1.4.2.0
Magento 1.5.0.1
Magento 1.5.1.0
Magento 1.6.0.0
Magento 1.6.1.0
Magento 1.6.2.0
Magento 1.7.0.0
Magento 1.7.0.1
Magento 1.7.0.2
Magento 1.8.0.0
Magento 1.8.1.0
Magento 1.9.0.0
Magento 1.9.0.1

[APPSEC-1239-1] Stored XSS in Order Comments

Fri, 29 Dec 2017 09:41:01 GMT

A user can append comments to an order using a specially crafted request that relies upon the PayFlow Pro payment module. Magento did not filter the request properly, which potentially resulted in JavaScript code being saved in database (see issue APPSEC-1240) and then executed server-side when the administrator tried to view the order. This attack could lead to a takeover of the administrator session or executing actions on behalf of administrator. Part of patch SUPEE-7405

This vulnerability affects the following application versions:

Magento 1.4.0.0
Magento 1.4.0.1
Magento 1.4.1.0
Magento 1.4.1.1
Magento 1.4.2.0
Magento 1.5.0.1
Magento 1.5.1.0
Magento 1.6.0.0
Magento 1.6.1.0
Magento 1.6.2.0
Magento 1.7.0.0
Magento 1.7.0.1
Magento 1.7.0.2
Magento 1.8.0.0
Magento 1.8.1.0
Magento 1.9.0.0
Magento 1.9.0.1
Magento 1.9.1.0
Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2

[20180101] - XSS vulnerabilities in the module system

Tue, 30 Jan 2018 15:43:44 GMT

Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

CVE-2018-6380

Part of security release: 3.8.4

This vulnerability affects the following application versions:

Joomla 1.5.16
Joomla 1.5.17
Joomla 1.5.18
Joomla 1.5.19
Joomla 1.5.20
Joomla 1.5.21
Joomla 1.5.22
Joomla 1.5.23
Joomla 1.5.24
Joomla 1.5.25
Joomla 1.5.26
Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4-rc
Joomla 3.8.4-rc2

[20180103] XSS vulnerability in Uri class

Tue, 30 Jan 2018 15:43:44 GMT

Inadequate input filtering in the Uri class (formerly JUri) had led to a XSS vulnerability.

This vulnerability affects the following application versions:

Joomla 1.6.0
Joomla 1.6.1
Joomla 1.6.2
Joomla 1.6.3
Joomla 1.6.4
Joomla 1.6.5
Joomla 1.6.6
Joomla 1.7.0
Joomla 1.7.1
Joomla 1.7.2
Joomla 1.7.3
Joomla 1.7.4
Joomla 1.7.5
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4-rc
Joomla 3.8.4-rc2

[20180104] SQLi vulnerability in Hathor postinstall message

Tue, 30 Jan 2018 15:43:44 GMT

The lack of type casting of a variable in SQL statement had led to a SQL injection vulnerability in the Hathor postinstall message.

This vulnerability affects the following application versions:

Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4-rc
Joomla 3.8.4-rc2

[20180102] - XSS vulnerability in com_fields

Tue, 30 Jan 2018 15:43:44 GMT

Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

CVE-2018-6377

Part of security release: 3.8.4

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4-rc
Joomla 3.8.4-rc2

Cached Queries in Shortcodes Lead to Object Injection

Wed, 14 Feb 2018 10:08:47 GMT

Versions 3.2.3 and earlier are affected by an issue where cached queries within shortcodes could lead to object injection. This is related to the recent WordPress 4.8.3 security release. This issue can only be exploited by users who can edit content and add shortcodes.

This vulnerability affects the following application versions:

WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3

Escape URLs added for product downloads in CSV importer avoiding code injection

Wed, 14 Feb 2018 10:08:47 GMT

Versions 3.2.1 and earlier are affected by an issue where shortcodes and relative URLs for product downloads are not handled or escaped correctly by the CSV importer, which could potentially result in code injection.

This vulnerability affects the following application versions:

WooCommerce 3.1.0
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1

Nonce keys, post descriptions, and other items were vulnerable to XSS

Wed, 14 Feb 2018 10:08:47 GMT

Version 3.2.1 and earlier did not properly sanitize nonce keys, post descriptions, and other items, potentially leading to XSS vulnerabilities.

This vulnerability affects the following application versions:

WooCommerce 1.6.0
WooCommerce 1.6.1
WooCommerce 1.6.2
WooCommerce 1.6.3
WooCommerce 1.6.4
WooCommerce 1.6.5
WooCommerce 1.6.5.1
WooCommerce 1.6.5.2
WooCommerce 1.6.6
WooCommerce 2.0.0
WooCommerce 2.0.0-RC1
WooCommerce 2.0.0-RC2
WooCommerce 2.0.0-RC3
WooCommerce 2.0.1
WooCommerce 2.0.2
WooCommerce 2.0.3
WooCommerce 2.0.4
WooCommerce 2.0.5
WooCommerce 2.0.6
WooCommerce 2.0.7
WooCommerce 2.0.8
WooCommerce 2.0.9
WooCommerce 2.0.10
WooCommerce 2.0.11
WooCommerce 2.0.12
WooCommerce 2.0.13
WooCommerce 2.0.14
WooCommerce 2.0.15
WooCommerce 2.0.16
WooCommerce 2.0.17
WooCommerce 2.0.18
WooCommerce 2.0.19
WooCommerce 2.0.20
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1

Saving variation attributes on new products and with attributes containing slashes could lead to XSS

Wed, 14 Feb 2018 10:08:47 GMT

Products with title variations did not have the titles sanitized when populated with default values, which could potentially result in a stored XSS vulnerability. Although the fix was ostensibly to help compatibility with newer versions of WordPress, it also addresses a potential security flaw. Fixed in WooCommerce 3.2.5

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4

Escape HTML for Post Validation Error Messages

Wed, 14 Feb 2018 10:08:47 GMT

Adds escape html filters to the error messages coming from post validation.

This vulnerability affects the following application versions:

WooCommerce 3.0.0
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2

Sanitize Keys in Reports Class

Wed, 14 Feb 2018 10:08:47 GMT

Sanitizes the names (keys) of the field data while displaying the admin reports.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 3.0.0
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2

Escapes URL Raw for an admin URL

Wed, 14 Feb 2018 10:08:47 GMT

Admin URL is escaped using escape URL raw.

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.1

Sanitizes hash check to avoid XSS

Wed, 14 Feb 2018 10:08:47 GMT

WooCommerce version prior to 3.2.4 failed to unslash geolocation hashes and redirect URLs, and failed to properly escape an admin URL

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3

Escape transactional email error message

Thu, 15 Feb 2018 13:08:19 GMT

Prior to version 3.3.1 of WooCommerce, the callback referenced in the fatal error message for transaction emails was not properly escaped, potentially leading to XSS.

This vulnerability affects the following application versions:

WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2

Typecast product page to int

Thu, 15 Feb 2018 13:08:19 GMT

In WooCommerce versions earlier than 3.3.1, it was possible to input negative or non-integer values as the product page in the query string.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2

Image sizes vulnerable to command injection typecast sizes to int

Thu, 15 Feb 2018 13:08:19 GMT

In WooCommerce version prior to 3.3.1, there were no constraints to prevent negative or non-integer image sizes from being processed as-is, which could result in unpredictable behavior, buffer overflows, or even command injection. This fix uses absint to ensure that all image sizes are positive integers.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2

[CVE-2017-6932] External link injection on 404 pages when linking to the current page

Fri, 23 Feb 2018 08:42:38 GMT

Drupal core had an external link injection vulnerability when the language switcher block was used. A similar vulnerability existed in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

Part of security release SA-CORE-2018-001

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56

[SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete

Fri, 23 Feb 2018 08:42:38 GMT

Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances.

The PHP functions which Drupal provides for HTML escaping are not affected.

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4

[CVE-2017-6928] Private file access bypass

Fri, 23 Feb 2018 08:42:38 GMT

When using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module was trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability.

This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.

Part of security release SA-CORE-2018-001

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56

[CVE-2017-6926] Comment reply form allowed access to restricted content

Fri, 23 Feb 2018 08:42:38 GMT

Users with permission to post comments were able to view content and comments they do not have access to, and are also able to add comments to this content.

This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.

Part of security release SA-CORE-2018-001

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4

[CVE-2017-6930] Language fallback could be incorrect on multilingual sites with node access restrictions

Fri, 23 Feb 2018 08:42:38 GMT

When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This could result in an access bypass vulnerability.

This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records().

Part of security release SA-CORE-2018-001

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4

[CVE-2017-6928] Settings Tray access bypass

Fri, 23 Feb 2018 08:42:38 GMT

The Settings Tray module had a vulnerability that allowed users to update certain data that they did not have the permissions for.

If you had implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but did not harden against other such bypasses.

This vulnerability could be mitigated by disabling the Settings Tray module.

Part of security release SA-CORE-2018-001

This vulnerability affects the following application versions:

Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4

[SA-CORE-2018-001] jQuery vulnerability with untrusted domains

Fri, 23 Feb 2018 08:42:38 GMT

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56

[20180301] SQLi vulnerability user notes

Wed, 14 Mar 2018 10:09:35 GMT

The lack of type casting of a variable in SQL statement had led to a SQL injection vulnerability in the user notes list view.

This vulnerability affects the following application versions:

Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6-rc1

[APPSEC-1494] AdminNotification Stored XSS

Mon, 26 Mar 2018 08:35:35 GMT

An attacker with the ability to launch a Man-in-the-middle attack on a network connection could inject code on the Magento Admin RSS feed.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.4.0.0
Magento 1.4.0.1
Magento 1.4.1.0
Magento 1.4.1.1
Magento 1.4.2.0
Magento 1.5.0.1
Magento 1.5.1.0
Magento 1.6.0.0
Magento 1.6.1.0
Magento 1.6.2.0
Magento 1.7.0.0
Magento 1.7.0.1
Magento 1.7.0.2
Magento 1.8.0.0
Magento 1.8.1.0
Magento 1.9.0.0
Magento 1.9.0.1
Magento 1.9.1.0
Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 2.0.0
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1729] XSS in admin order view using order status label

Mon, 26 Mar 2018 08:35:35 GMT

An administrator could inject code in sales order records, which could result in an XSS attack on anyone that viewed the page.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1793] Potential file uploads solely protected by .htaccess

Mon, 26 Mar 2018 08:35:35 GMT

An attacker could target non-Apache installations (for example, Nginx) to upload executable scripts that could be used to stage additional exploitations.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1838] RSS session admin cookie could be used to gain administrator privileges

Mon, 26 Mar 2018 08:35:35 GMT

An attacker could use a low privilege RSS session cookie to escalate privileges and gain access to the Magento Admin Portal.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4

[APPSEC-1852] CSRF + Stored Cross Site Scripting (customer group)

Mon, 26 Mar 2018 08:35:35 GMT

A Magento administrator with limited privileges could exploit a vulnerability in the customer group to create a URL that could be used as part of CSRF attack.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1579] Customer Segment Delete Action uses GET instead of POST request

Mon, 26 Mar 2018 08:35:35 GMT

A Magento administrator could perform malicious actions through an inadequate security check of the form key in the customer segment page.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4

[APPSEC-1599] Admin login did not handle autocomplete feature correctly

Mon, 26 Mar 2018 08:35:35 GMT

Several fields in the Admin panel did not correctly handle autocomplete, which could result in a potential information leak when a browser tries to autocomplete the field.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1688] Secure cookie check to prevent MITM not expiring user sessions

Mon, 26 Mar 2018 08:35:35 GMT

Magento did not properly validate session cookies, or caused them to expire, which potentially permits visitors to use expired cookies to interact with a store.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4

[APPSEC-1853] CSRF + Stored Cross Site Scripting in newsletter template

Mon, 26 Mar 2018 08:35:35 GMT

A Magento administrator with limited privileges could exploit a vulnerability in the newsletter template to create a URL that could be used as part of a CSRF attack.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4

[APPSEC-1757] Directory traversal in template configuration

Mon, 26 Mar 2018 08:35:35 GMT

An administrator with limited privileges could force Magento store notifications to include internal system files.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4

[PSCFV-11936] Escape HTML char for Return Message

Wed, 28 Mar 2018 09:36:23 GMT

Official description: BO : Bug #PSCFV-11936, Escape HTML char for Return Message

This vulnerability affects the following application versions:

PrestaShop 1.5.5.0
PrestaShop 1.5.6.0
PrestaShop 1.5.6.1
PrestaShop 1.5.6.2
PrestaShop 1.6.0.1
PrestaShop 1.6.0.1 alpha 1
PrestaShop 1.6.0.2
PrestaShop 1.6.0.2 alpha 2
PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6

[PSCSX-4841] Using for encryption CBC mode instead of ECB

Wed, 28 Mar 2018 09:36:23 GMT

Official description: SECURITY : (cc49345) Fixes PSCSX-4841 Usage of ECB mode

This vulnerability affects the following application versions:

PrestaShop 1.5.4.0
PrestaShop 1.5.4.1
PrestaShop 1.5.5.0
PrestaShop 1.5.6.0
PrestaShop 1.5.6.1
PrestaShop 1.5.6.2
PrestaShop 1.5.6.3
PrestaShop 1.6.0.1
PrestaShop 1.6.0.1 alpha 1
PrestaShop 1.6.0.2
PrestaShop 1.6.0.2 alpha 2
PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.10
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4

[PSCSX-9597] Hide the password in the confirmation email

Wed, 28 Mar 2018 09:36:23 GMT

Official description: FO: bug#PSCSX-9597, When customers sign up, they receive their password in plain text in the confirmation email, but these must be hidden.

This vulnerability affects the following application versions:

PrestaShop 1.6.0.1
PrestaShop 1.6.0.1 alpha 1
PrestaShop 1.6.0.2
PrestaShop 1.6.0.2 alpha 2
PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4
PrestaShop 1.6.1.5
PrestaShop 1.6.1.6
PrestaShop 1.6.1.7
PrestaShop 1.6.1.8
PrestaShop 1.6.1.9
PrestaShop 1.6.1.10
PrestaShop 1.6.1.11
PrestaShop 1.6.1.11 beta 1
PrestaShop 1.6.1.12
PrestaShop 1.6.1.13
PrestaShop 1.6.1.14
PrestaShop 1.6.1.15
PrestaShop 1.6.1.16
PrestaShop 1.6.1.17

[PSCSX-9032] Secure FO from JS injection in URL

Wed, 28 Mar 2018 09:36:23 GMT

Official description: FO:bug#PSCSX-9032, secure token from js injection by htmlentities

This vulnerability affects the following application versions:

PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4
PrestaShop 1.6.1.5
PrestaShop 1.6.1.6
PrestaShop 1.6.1.7
PrestaShop 1.6.1.8
PrestaShop 1.6.1.9
PrestaShop 1.6.1.10
PrestaShop 1.6.1.11
PrestaShop 1.6.1.11 beta 1
PrestaShop 1.6.1.12
PrestaShop 1.6.1.13
PrestaShop 1.6.1.14
PrestaShop 1.6.1.15
PrestaShop 1.6.1.16

[PSCSX-9132] Secure the contact_form from spammers

Wed, 28 Mar 2018 09:36:23 GMT

Official description: FO: bug#PSCSX-9132, I adopt the solution in this link( http://www.nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/ ) to solve the problem of spamming the contact form

This vulnerability affects the following application versions:

PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.10
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4
PrestaShop 1.6.1.5
PrestaShop 1.6.1.6
PrestaShop 1.6.1.7
PrestaShop 1.6.1.8
PrestaShop 1.6.1.9
PrestaShop 1.6.1.10
PrestaShop 1.6.1.11
PrestaShop 1.6.1.11 beta 1
PrestaShop 1.6.1.12
PrestaShop 1.6.1.13
PrestaShop 1.6.1.14
PrestaShop 1.6.1.15
PrestaShop 1.6.1.16

[PSCSX-6883] Making check if module is trusted case sensitive

Wed, 28 Mar 2018 09:36:23 GMT

Official description: BO : Fixed checking if module is trusted PSCSX-6883

This vulnerability affects the following application versions:

PrestaShop 1.6.0.9
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.1

[PSCFV-12409] Force secure option on the cookies if SSL is forced

Wed, 28 Mar 2018 09:36:23 GMT

Official description: CORE : force secure option on the cookies if SSL is forced #PSCFV-12409

This vulnerability affects the following application versions:

PrestaShop 1.5.5.0
PrestaShop 1.5.6.0
PrestaShop 1.5.6.1
PrestaShop 1.5.6.2
PrestaShop 1.5.6.3
PrestaShop 1.6.0.1
PrestaShop 1.6.0.1 alpha 1
PrestaShop 1.6.0.2
PrestaShop 1.6.0.2 alpha 2
PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9

Smarty modifier was vulnerable to XSS

Wed, 28 Mar 2018 09:36:23 GMT

Official description: SMARTY : Add new cleanHtml modifier

This vulnerability affects the following application versions:

PrestaShop 1.5.6.1
PrestaShop 1.6.0.1
PrestaShop 1.6.0.1 alpha 1
PrestaShop 1.6.0.2
PrestaShop 1.6.0.2 alpha 2
PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.10
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14

CVE-2018-7600 Remote Code Execution vulnerability

Thu, 29 Mar 2018 08:41:18 GMT

A remote code execution vulnerability existed within multiple subsystems of Drupal 7.x and 8.x. This potentially allowed attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

Part of security release SA-CORE-2018-002

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.5.0

[CVE-2018-7600] Remote Code Execution vulnerability

Tue, 03 Apr 2018 09:31:36 GMT

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57

Make sure the version string is correctly escaped for use in generator tags

Thu, 05 Apr 2018 07:42:54 GMT

Escape HTML returned from `get_the_generator()`.

WordPress 4.9.5 Security and Maintenance Release

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4

Use safe redirects when redirecting the login page if SSL is forced

Thu, 05 Apr 2018 07:42:54 GMT

Switch to `wp_safe_redirect()` when redirecting the login page when SSL is forced.

WordPress 4.9.5 Security and Maintenance Release

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4

HTTP: Don't treat `localhost` as same host by default

Thu, 05 Apr 2018 07:42:54 GMT

Disallow localhost in `wp_http_validate_url()`.

WordPress 4.9.5 Security and Maintenance Release

This vulnerability affects the following application versions:

WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4

[7069/7190] Protect translations display from XSS injections

Mon, 09 Apr 2018 13:27:26 GMT

Official description: #7069 Protect translations display against XSS injections / #7190 Escape translated strings to prevent XSS

This vulnerability affects the following application versions:

PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1

[8381] Remove risky and useless sprintf() calls

Mon, 09 Apr 2018 13:27:26 GMT

Official description: CO: improvement, We often receive issues regarding translation, and the concerned translations always have a call to sprintf(). The new function trans() is already able to replace the placeholders without throwing fatal errors in case of errors. So this PR removes all calls to sprintf where trans can be used alone.

This vulnerability affects the following application versions:

PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1
PrestaShop 1.7.0.2
PrestaShop 1.7.0.3
PrestaShop 1.7.0.4
PrestaShop 1.7.0.5
PrestaShop 1.7.0.6
PrestaShop 1.7.1.0
PrestaShop 1.7.1.0 beta1
PrestaShop 1.7.1.1
PrestaShop 1.7.1.2
PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5

Cross Site Scripting in CKEditor

Tue, 24 Apr 2018 08:20:36 GMT

CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).

Part of security release SA-CORE-2018-003

This vulnerability affects the following application versions:

Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.5.0
Drupal 8.5.1

Remote Code Execution vulnerability within multiple subsystem

Thu, 26 Apr 2018 11:03:44 GMT

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allowed attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised.

Part of security release SA-CORE-2018-004

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2

Additional sanitization of common functions

Tue, 08 May 2018 11:59:12 GMT

Sanitization of various functions in order to prevent XSS.

Official description: Remove kses from before/after attribute.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1493] CMS Page Title Stored XSS

Tue, 08 May 2018 11:59:12 GMT

A Magento administrator could inject executable scripts in non-executable areas, such as the page title.

Part of patch Magento 2.0.16 and 2.1.9 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[20180508] - Possible XSS attack in the redirect method

Thu, 24 May 2018 13:17:56 GMT

Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in a XSS vulnerability.

CVE-2018-11328

Part of security release: 3.8.8

This vulnerability affects the following application versions:

Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180506] Filter field in com_fields allowed remote code execution

Thu, 24 May 2018 13:17:56 GMT

Inadequate filtering had allowed users authorized to create custom fields to manipulate the filtering options and inject an unvalidated option.

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180502] Add PHAR files to the upload blacklist

Thu, 24 May 2018 13:17:56 GMT

Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

CVE Number: CVE-2018-11322

Part of security release: 3.8.8

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180501] ACL violation in access levels

Thu, 24 May 2018 13:17:56 GMT

Inadequate checks had allowed users to modify the access levels of user groups with higher permissions.

This vulnerability affects the following application versions:

Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180503] Information Disclosure about unpublished tags

Thu, 24 May 2018 13:17:56 GMT

Inadequate checks had allowed users to see the names of tags that were either unpublished or published with restricted view permission.

This vulnerability affects the following application versions:

Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180505] - XSS Vulnerabilities & additional hardening

Thu, 24 May 2018 13:17:56 GMT

Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.

CVE-2018-11326

Part of security release: 3.8.8

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180507] Session deletion race condition

Thu, 24 May 2018 13:17:56 GMT

A long running background process, such as remote checks for core or extension updates, had created a race condition where a session which was expected to be destroyed would be recreated.

This vulnerability affects the following application versions:

Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8-rc

[20180509] - XSS attack vectors in the media manager

Mon, 28 May 2018 11:06:25 GMT

Inadequate filtering of file and folder names lead to various XSS attack vectors in the media manager.

CVE-2018-6378

Part of security release: 3.8.8

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc

[APPSEC-1960] Path Traversal in static.php file

Thu, 31 May 2018 09:18:09 GMT

A user could gain file system write access using path traversal on the static.php file.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

Additional escaping/sanitization for includes/classes

Mon, 04 Jun 2018 09:23:23 GMT

Official Description: Tweak where meta gets sanitized before passing to comparison function.
Escaping for includes/classes. WooCommerce 3.3.0 Introduces fixes for XSS flaws, including those covered in this patch.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1330] Unsanitized input led to denial of service

Wed, 20 Jun 2018 13:06:42 GMT

A site visitor could create an account where one of the parameters could have created a server denial-of-service. Part of SUPEE-10415.

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6

[APPSEC-1885] Stored XSS in Product Name field

Wed, 20 Jun 2018 13:06:42 GMT

An administrator with limited privileges could insert script in the product name field, potentially resulting in a stored cross-site scripting that affects other administrators. Part of SUPEE-10415.

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6

[APPSEC-1894] Remote Code Execution by leveraging unsafe unserialization

Wed, 20 Jun 2018 13:06:42 GMT

An administrator with limited privileges could insert injectable code in promo fields, creating an opportunity for arbitrary remote code execution. Part of SUPEE-10415.

This vulnerability affects the following application versions:

Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6

[20180602] - XSS vulnerability in language switcher module

Thu, 28 Jun 2018 12:16:37 GMT

In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page url.

CVE Number: CVE-2018-12711

Part of security release: 3.8.9

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9-rc

Correctly escape the random image module output (#20533)

Thu, 28 Jun 2018 12:16:37 GMT

Escape the random image module output to prevent XSS and fix an issue preventing the random image module from functioning in previous versions

Part of security release: 3.8.9

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc

Respect access of editor plugin inside profile form (#20713)

Thu, 28 Jun 2018 12:16:37 GMT

An ACL check had been added when editing content in the profile form to prevent users with insufficient permissions from making unauthorized changes to profiles.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc

[20140901] - XSS vulnerability in com_media

Thu, 05 Jul 2018 08:17:35 GMT

Inadequate escaping leads to XSS vulnerability in com_media.

CVE-2014-6631

Part of security release: 3.2.5 and 3.3.4

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc

Add a method which resolves an Input instance and avoids eventually directory traversal and file inclusion issues

Thu, 05 Jul 2018 08:17:35 GMT

Official description: Use new method for dynamically resolving Input based on request method

This vulnerability affects the following application versions:

Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9-rc
Akeeba Backup 4.5.0
Akeeba Backup 4.5.1

Clear post password cookie when logging out preventing privilege escalation

Tue, 10 Jul 2018 12:01:07 GMT

Official description: Posts, Post Types: Clear post password cookie when logging out.

This vulnerability affects the following application versions:

WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

Escape permalink values on edit screen to prevent XSS

Tue, 10 Jul 2018 12:01:07 GMT

Official description: Comments: Escape permalink values on edit screen to prevent XSS.

This vulnerability affects the following application versions:

WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.4.17
WordPress 4.4.18
WordPress 4.4.19
WordPress 4.4.20
WordPress 4.4.21
WordPress 4.4.22
WordPress 4.4.23
WordPress 4.4.24
WordPress 4.4.25
WordPress 4.4.26
WordPress 4.4.27
WordPress 4.4.28
WordPress 4.4.29
WordPress 4.4.30
WordPress 4.4.31
WordPress 4.4.32
WordPress 4.4.33
WordPress 4.4.34
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.5.16
WordPress 4.5.17
WordPress 4.5.18
WordPress 4.5.19
WordPress 4.5.20
WordPress 4.5.21
WordPress 4.5.22
WordPress 4.5.23
WordPress 4.5.24
WordPress 4.5.25
WordPress 4.5.26
WordPress 4.5.27
WordPress 4.5.28
WordPress 4.5.29
WordPress 4.5.30
WordPress 4.5.31
WordPress 4.5.32
WordPress 4.5.33
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.6.13
WordPress 4.6.14
WordPress 4.6.15
WordPress 4.6.16
WordPress 4.6.17
WordPress 4.6.18
WordPress 4.6.19
WordPress 4.6.20
WordPress 4.6.21
WordPress 4.6.22
WordPress 4.6.23
WordPress 4.6.24
WordPress 4.6.25
WordPress 4.6.26
WordPress 4.6.27
WordPress 4.6.28
WordPress 4.6.29
WordPress 4.6.30
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.7.12
WordPress 4.7.13
WordPress 4.7.14
WordPress 4.7.15
WordPress 4.7.16
WordPress 4.7.17
WordPress 4.7.18
WordPress 4.7.19
WordPress 4.7.20
WordPress 4.7.21
WordPress 4.7.22
WordPress 4.7.23
WordPress 4.7.24
WordPress 4.7.25
WordPress 4.7.26
WordPress 4.7.27
WordPress 4.7.28
WordPress 4.7.29
WordPress 4.7.30
WordPress 4.7.31
WordPress 4.7.32
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.8.8
WordPress 4.8.9
WordPress 4.8.10
WordPress 4.8.11
WordPress 4.8.12
WordPress 4.8.13
WordPress 4.8.14
WordPress 4.8.15
WordPress 4.8.16
WordPress 4.8.17
WordPress 4.8.18
WordPress 4.8.19
WordPress 4.8.20
WordPress 4.8.21
WordPress 4.8.22
WordPress 4.8.23
WordPress 4.8.24
WordPress 4.8.25
WordPress 4.8.26
WordPress 4.8.27
WordPress 4.8.28
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

Harden randomness of hash for user/admin email address changes

Tue, 10 Jul 2018 12:01:07 GMT

Official description: Harden the random aspect of the hash used for user profile and admin email address changes.

This vulnerability affects the following application versions:

WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

New privacy logic and enhancements added

Tue, 10 Jul 2018 12:01:07 GMT

Official description:

Privacy: Correct the error check when creating an export folder in `wp_privacy_generate_personal_data_export_file()`.
Privacy: Make sure `wp_add_privacy_policy_content()` does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.
Privacy: Only link to menus panel in Customizer if selected privacy page can be accessed there.

This vulnerability affects the following application versions:

WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

Taxonomy improve cache handling for term queries

Tue, 10 Jul 2018 12:01:07 GMT

Not supported objects could be inserted into the "term queries" cache causing potential code injection.

This vulnerability affects the following application versions:

WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.7.12
WordPress 4.7.13
WordPress 4.7.14
WordPress 4.7.15
WordPress 4.7.16
WordPress 4.7.17
WordPress 4.7.18
WordPress 4.7.19
WordPress 4.7.20
WordPress 4.7.21
WordPress 4.7.22
WordPress 4.7.23
WordPress 4.7.24
WordPress 4.7.25
WordPress 4.7.26
WordPress 4.7.27
WordPress 4.7.28
WordPress 4.7.29
WordPress 4.7.30
WordPress 4.7.31
WordPress 4.7.32
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.8.8
WordPress 4.8.9
WordPress 4.8.10
WordPress 4.8.11
WordPress 4.8.12
WordPress 4.8.13
WordPress 4.8.14
WordPress 4.8.15
WordPress 4.8.16
WordPress 4.8.17
WordPress 4.8.18
WordPress 4.8.19
WordPress 4.8.20
WordPress 4.8.21
WordPress 4.8.22
WordPress 4.8.23
WordPress 4.8.24
WordPress 4.8.25
WordPress 4.8.26
WordPress 4.8.27
WordPress 4.8.28
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

User with certain capabilities could delete files outside uploads directory

Tue, 10 Jul 2018 12:01:07 GMT

Official description: a file deletion issue where a user with the capability to edit and delete media files could potentially manipulate media metadata to attempt to delete files outside the uploads directory.

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

Use the correct escaping function when outputting the meta box context to prevent XSS

Tue, 10 Jul 2018 12:01:07 GMT

Official description: Use the correct escaping function when outputting the meta box context.

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.7.28
WordPress 3.7.29
WordPress 3.7.30
WordPress 3.7.31
WordPress 3.7.32
WordPress 3.7.33
WordPress 3.7.34
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.8.28
WordPress 3.8.29
WordPress 3.8.30
WordPress 3.8.31
WordPress 3.8.32
WordPress 3.8.33
WordPress 3.8.34
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 3.9.26
WordPress 3.9.27
WordPress 3.9.28
WordPress 3.9.29
WordPress 3.9.30
WordPress 3.9.31
WordPress 3.9.32
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.0.25
WordPress 4.0.26
WordPress 4.0.27
WordPress 4.0.28
WordPress 4.0.29
WordPress 4.0.30
WordPress 4.0.31
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.1.25
WordPress 4.1.26
WordPress 4.1.27
WordPress 4.1.28
WordPress 4.1.29
WordPress 4.1.30
WordPress 4.1.31
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.2.22
WordPress 4.2.23
WordPress 4.2.24
WordPress 4.2.25
WordPress 4.2.26
WordPress 4.2.27
WordPress 4.2.28
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.3.18
WordPress 4.3.19
WordPress 4.3.20
WordPress 4.3.21
WordPress 4.3.22
WordPress 4.3.23
WordPress 4.3.24
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.4.17
WordPress 4.4.18
WordPress 4.4.19
WordPress 4.4.20
WordPress 4.4.21
WordPress 4.4.22
WordPress 4.4.23
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.5.16
WordPress 4.5.17
WordPress 4.5.18
WordPress 4.5.19
WordPress 4.5.20
WordPress 4.5.21
WordPress 4.5.22
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.6.13
WordPress 4.6.14
WordPress 4.6.15
WordPress 4.6.16
WordPress 4.6.17
WordPress 4.6.18
WordPress 4.6.19
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.7.12
WordPress 4.7.13
WordPress 4.7.14
WordPress 4.7.15
WordPress 4.7.16
WordPress 4.7.17
WordPress 4.7.18
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.8.8
WordPress 4.8.9
WordPress 4.8.10
WordPress 4.8.11
WordPress 4.8.12
WordPress 4.8.13
WordPress 4.8.14
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6

Escaping Fix for admin metaboxes viewing translation

Thu, 12 Jul 2018 07:35:16 GMT

Data escaped and validated. Plus translator comment documentation added.

Official description: Admin metaboxes views translation escaping fix.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Additional escaping for cart templates preventing XSS

Thu, 12 Jul 2018 07:35:16 GMT

Official description: PHPCS fixes for cart.php template

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Sanitizes widget output to prevent XSS flaws

Thu, 12 Jul 2018 07:35:16 GMT

Sanitization of widget components.

This vulnerability affects the following application versions:

WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Additional escaping for product templates preventing XSS

Thu, 12 Jul 2018 07:35:16 GMT

Official description: Grouped products; allow custom columns and changes to values.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Escaping translations in api keys pages and check referer source to prevent XSS

Mon, 16 Jul 2018 07:18:45 GMT

Official description: Check admin referer instead of nonce, just like webhooks.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Widget settings labels were vulnerable to XSS

Mon, 16 Jul 2018 07:18:45 GMT

Official description: PHPCS passing for abstract-wc-widget.php.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping keys-edit admin page to prevent XSS

Mon, 16 Jul 2018 07:18:45 GMT

Official description: tip alignment

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escape "Reduce stock" and "Increase stock" note in admin order page to prevent XSS

Mon, 16 Jul 2018 07:18:45 GMT

Official description: Allow for multiple stock updates at once.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping translation in the comment validation to prevent XSS

Mon, 16 Jul 2018 07:18:45 GMT

Official description: Fixed includes/class-wc-comments.php PHPCS violations.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

[APPSEC-1932] Remote Code Execution Using XML Injection

Mon, 16 Jul 2018 07:18:45 GMT

An administrator with limited privileges could insert injectable XML into the layout table, which could create an opportunity for remote code execution.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

Additional escaping in the admin quick edit product view to prevent XSS

Wed, 18 Jul 2018 07:59:43 GMT

Official description: Product backorder stock status.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping translations in the plugin-update view to prevent XSS

Wed, 18 Jul 2018 07:59:43 GMT

Official description: PHPCS fixes for includes/admin/plugin-updates directory

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping variables in admin customer report page to prevent XSS

Wed, 18 Jul 2018 07:59:43 GMT

Official description: Fix PHPCS violations in includes/admin/reports/class-wc-report-customers.php.

This vulnerability affects the following application versions:

WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Sanitize product_type in the post data file to prevent XSS

Wed, 18 Jul 2018 07:59:43 GMT

Official description: Fixed post classes PHPCS violations.

This vulnerability affects the following application versions:

WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

[APPSEC-1928] Cross-site Scripting in downloadable product Link

Thu, 19 Jul 2018 06:59:52 GMT

An administrator with limited privileges could insert script in the downloadable product link title field, which could subsequently lead to a stored cross-site scripting attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

Corrects html filter for wc-action-button from esc_attr to esc_html

Thu, 19 Jul 2018 06:59:52 GMT

Official description: Allow modal to be wider and fix button wrapping.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2-rc.1

sanitize_text_field Didn't preserve line breaks wp_kses_post

Thu, 19 Jul 2018 06:59:52 GMT

Official description: sanitize_text_field does not preserve line breaks. wp_kses_post.

This vulnerability affects the following application versions:

WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4

[APPSEC-1934] Systemic Cross-Site Request Forgery (CSRF) on the Checkout page

Thu, 19 Jul 2018 06:59:52 GMT

A user could inject a cross-site request forgery (CSRF) into a users cart on the Checkout page due to a missing CSRF token.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-2007] Authenticated SQL Injection when saving a category

Thu, 19 Jul 2018 06:59:52 GMT

By manipulating request data when saving a category, a user could insert a malicious string into the database that could be used in a subsequent request to perform SQL injection. This injected code could be used to trigger arbitrary (with the proviso they fit in the 255 char field) insert and update commands.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-1908/1948] - Cross-site Scripting in custom variable

Mon, 23 Jul 2018 13:38:34 GMT

An administrator with limited privileges could insert script in the custom variables name field, which could potentially result in stored cross-site scripting that affected other administrators.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

Clean search label with queries

Mon, 23 Jul 2018 13:38:34 GMT

Official Description: Add search label when searching via product crud helper.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1

Escaping translations in admin shipping settings page to prevent XSS

Mon, 23 Jul 2018 13:38:34 GMT

Official description: Set more defaults to reduce query count.

This vulnerability affects the following application versions:

WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

[APPSEC-1964] - Remote Code Execution by (semi-)arbitrary file deletion for admin users with access to Import

Mon, 23 Jul 2018 13:38:34 GMT

An administrator with Import permissions could import an XML file that could potentially provide an opportunity for Remote Code Execution (RCE).

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-1973] Cross-site Scripting in Newsletter Template

Mon, 23 Jul 2018 13:38:34 GMT

An administrator with limited privileges could embed cross-site scripting elements in the Newsletter template, which could potentially lead to a stored cross-site scripting attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-1995] Cross-site Scripting in Downloadable Products

Mon, 23 Jul 2018 13:38:34 GMT

An administrator with limited privileges could insert arbitrary code into product fields, which could potentially lead to a stored cross-site scripting attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-1937] Insufficient privilege separation

Mon, 23 Jul 2018 13:38:34 GMT

Weak protection checking could potentially lead to privilege escalation or information disclosure.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-2000] Remote Code Execution in Staging Environment

Mon, 23 Jul 2018 13:38:34 GMT

An administrator with limited privileges could inject a malformed configuration bypass, which could potentially lead to a file redirection that could be leveraged for arbitrary remote code execution.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-2004] Cross-Site Scripting (XSS) through Remote File Inclusion

Mon, 23 Jul 2018 13:38:34 GMT

Users could use WYSIWYG directives to include valid remote images that have embedded malicious code that persists through image recreation.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-2006] Stored cross-site scripting (XSS) through the Enterprise Logging extension

Mon, 23 Jul 2018 13:38:34 GMT

The `Enterprise_Logging` extension logs request data when save events are triggered on the website. This information is displayed to administrators with limited privileges that can view the audit log. Although these saved values are escaped before output, the keys were not, which made it possible to insert cross-site scripting (XSS) on this page.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

Escape translation in a customer download log data page to prevent XSS

Tue, 24 Jul 2018 09:54:02 GMT

Official description: GDPR - Personal data export and removal.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Sanitize gateway_order in the payment gateway class to prevent XSS

Tue, 24 Jul 2018 09:54:02 GMT

Official description: Fixed payment main classes PHPCS violations.

This vulnerability affects the following application versions:

WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping variables in the e-mail class to prevent XSS

Tue, 24 Jul 2018 09:54:02 GMT

Official description: PHPCS fixes for includes/emails directory.

This vulnerability affects the following application versions:

WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Placeholder was vulnerable for XSS

Wed, 25 Jul 2018 07:07:09 GMT

Official description: Use correct escaping on placeholder.

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1

Additional escaping in the includes/gateways folder to prevent XSS

Thu, 26 Jul 2018 10:52:48 GMT

Official description: GitHub: PHPCS fixes for includes/gateways directory #19341

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping fix for admin metaboxes viewing translation

Mon, 30 Jul 2018 09:12:53 GMT

Data escaped and validated. Plus translator comment documentation added.

Official description: Admin metaboxes views translation escaping fix.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Escaping translations in admin status reports page to prevent XSS

Mon, 30 Jul 2018 09:12:53 GMT

Official description: Manually fix coding standard violations that can't be fixed with phpcbf.

This vulnerability affects the following application versions:

WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Proper escaping of login form

Tue, 31 Jul 2018 07:12:11 GMT

Official description: PHPCS fixes for global/form-login.php.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Unsanitized woocommerce_attribute_label

Tue, 31 Jul 2018 07:12:11 GMT

Official description: Add filter to sanitize woocommerce_attribute_label.

This vulnerability affects the following application versions:

WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2

Add escaping to email downloads to prevent XSS

Wed, 01 Aug 2018 08:42:12 GMT

Official description: Switch to variable.

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Escaping attribute label in single product page to prevent XSS

Wed, 01 Aug 2018 08:42:12 GMT

Official description: Update action placement so all product types are consistent.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Additional escaping for admin views to prevent XSS

Mon, 06 Aug 2018 07:17:00 GMT

Official description: Fix escaping.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Additional escaping of admin reports in order to prevent XSS

Mon, 06 Aug 2018 07:17:00 GMT

Official description: PHPCS fixes for class-wc-report-sales-by-category.php.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1876] Cross-site scripting (XSS) in Admin Bundle Product Bundle Items Tab through Product SKU

Mon, 06 Aug 2018 07:17:00 GMT

Scripts in product SKUs were evaluated and executed when a user views the Bundle Items tab for a bundled product.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-1945] Cross-site scripting in product SKU

Tue, 07 Aug 2018 08:11:58 GMT

An administrator with limited privileges could insert script in the RMA SKU field, which could potentially result in a stored cross-site scripting attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-1994] CSRF in store backups

Wed, 08 Aug 2018 08:20:33 GMT

An administrator could be tricked into performing a system backup by an attacker who had crafted a targeted Cross-Site Request forgery (CSRF) attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.1
Magento 2.2.2

[APPSEC-1913] Remote code execution through config manipulation

Thu, 09 Aug 2018 08:40:19 GMT

An administrator with limited privileges could inject a malformed configuration bypass leading to a file redirection that could be leveraged in to arbitrary remote code execution.

Part of patch SUPEE-10415

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6

[APPSEC-1938] Remote Code Execution - additional fix not included in SUPEE-9652

Mon, 13 Aug 2018 07:55:12 GMT

A user could insert information in a return path, thereby storing information on the file system that could lead to Remote Code Execution (RCE).

Part of patch SUPEE-9652

This vulnerability affects the following application versions:

Magento 1.9.3.7

[APPSEC-2001] Authenticated remote code execution (RCE) using custom layout XML

Mon, 13 Aug 2018 07:55:12 GMT

Admin users with permission to manage products could use custom layout XML to copy any file to any location.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-2034] XSS in admin create order configure product via compatible file extensions

Mon, 13 Aug 2018 07:55:12 GMT

An administrator user coudl inject a malicious script into the file option type when creating a new product with a configurable option of type file. This script would then be executed when a user clicks Configure next to the product when creating an order.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-1026] Session Management (not included in SUPEE-10570v2)

Mon, 13 Aug 2018 07:55:12 GMT

Active sessions persist after a password change.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-1878/1890] Cross-site scripting in CMS hierarchy

Tue, 14 Aug 2018 06:44:05 GMT

An administrator with limited privileges could insert script into the CMS hierarchy, which could potentially result in a stored cross-site scripting that affects other administrators.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1916] Cross-site scripting in attribute group name

Wed, 15 Aug 2018 10:10:16 GMT

An administrator with limited privileges could insert script in the attribute group name field, which could potentially result in stored cross-site scripting that affects other administrators.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1944] Cross-site scripting in date fields

Wed, 22 Aug 2018 06:49:42 GMT

An administrator with limited privileges could insert script into the private sales events and invitations fields, which could subsequently lead to a stored cross-site scripting attack.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

Additional escaping for email templates

Thu, 23 Aug 2018 06:51:44 GMT

Official description: Correct errors per PHPCS.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Additional sanitization of API components

Thu, 23 Aug 2018 06:51:44 GMT

Official description: Properly sanitize and format "dp".

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1891] Cross-site scripting in admin shipment tracking

Thu, 23 Aug 2018 06:51:44 GMT

An administrator with limited privileges could insert script into the shipment tracking, which could potentially result in stored cross-site scripting that affects other administrators.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[20180801] - Hardening the InputFilter for PHAR stubs

Fri, 31 Aug 2018 10:50:18 GMT

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

CVE Number: CVE-2018-15882

Part of security release: 3.8.12

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11

[20180802] - Stored XSS vulnerability in the frontend profile

Fri, 31 Aug 2018 10:50:18 GMT

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

CVE Number: CVE-2018-15880

Part of security release: 3.8.12

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11

[20180803] - ACL Violation in custom fields

Fri, 31 Aug 2018 10:50:18 GMT

Inadequate checks regarding disabled fields can lead to an ACL violation.

CVE Number: CVE-2018-15881

Part of security release: 3.8.12

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11

[APPSEC-1850] Arbitrary file delete

Thu, 13 Sep 2018 06:58:54 GMT

A Magento administrator with limited privileges could use the delete files module to upload and delete arbitrary files.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1545] Stored XSS through customer group name in admin panel

Thu, 13 Sep 2018 06:58:54 GMT

A Magento administrator could inject scriptable code into customer fields, which could result in an XSS attack.

Part of patch 2.0.16, 2.1.9

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1873/1979/1980] Cross-site scripting in site settings

Thu, 13 Sep 2018 06:58:54 GMT

An administrator with limited privileges could embed cross-site scripting elements in the website name/store view name setting, which could potentially lead to a stored cross-site scripting attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

[APPSEC-1889] Cross-Site request forgery protection bypass

Thu, 13 Sep 2018 06:58:54 GMT

An administrator with limited privileges could craft a cross-site request to perform requests on behalf of another administrator.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7

Additional escaping for order templates

Tue, 18 Sep 2018 11:59:33 GMT

Official description: Additional escaping for order templates.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Confirm navigation if nonce has expired in reports

Tue, 18 Sep 2018 11:59:33 GMT

In reports, improved XSS filtering and confirm navigation if nonce has expired.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1900] Remote code execution by leveraging 1st stage unsanitized form input

Tue, 18 Sep 2018 11:59:33 GMT

An administrator with limited privileges could create a store website that could accept and run arbitrary remote code execution.

Part of patch MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6

[APPSEC-1931] PHP Object Injection in Zend framework leading to arbitrary file deletion

Tue, 18 Sep 2018 11:59:33 GMT

An administrator with limited privileges could inject malicious code that could cause sensitive files to be deleted. He could then launch a second stage payload that would lead to arbitrary remote code execution.

Part of patch MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.42.0-beta11
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6

Correct sanitization of admin components

Thu, 20 Sep 2018 06:53:56 GMT

Official description: Fixed coding standards for WC_Admin_Settings.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1947/APPSEC-1945] Cross-site scripting in RMA functionality

Thu, 20 Sep 2018 06:53:56 GMT

A user could insert script in the RMA SKU field, which could potentially result in a stored cross-site scripting attack.

Part of patch: 2.0.18, 2.1.12, 2.2.3

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1910] Local File Inclusion (LFI) in import history

Mon, 24 Sep 2018 07:03:57 GMT

An administrator with limited privileges was able to delete critical system control files to subsequently gain privilege escalation through the import history section.

Part of patch MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6

[APPSEC-1928] Cross-site scripting in downloadable product link

Tue, 25 Sep 2018 13:41:59 GMT

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

Improve cookie encryption

Tue, 25 Sep 2018 13:41:59 GMT

Official description: Improved cookie encryption.

This vulnerability affects the following application versions:

PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1
PrestaShop 1.7.0.2
PrestaShop 1.7.0.3
PrestaShop 1.7.0.4
PrestaShop 1.7.0.5
PrestaShop 1.7.0.6
PrestaShop 1.7.1.0
PrestaShop 1.7.1.0 beta1
PrestaShop 1.7.1.1
PrestaShop 1.7.1.2
PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5
PrestaShop 1.7.3.0
PrestaShop 1.7.3.0 beta 1
PrestaShop 1.7.3.0 RC 1
PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3

[APPSEC-1930] PHP Object injection in widgets could lead to remote code execution

Wed, 26 Sep 2018 07:48:32 GMT

An administrator with limited privileges could have inserted a widget block containing malicious code, creating an opportunity for arbitrary remote code execution.

Part of patch MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.42.0-beta4
Magento 0.42.0-beta5
Magento 0.42.0-beta6
Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6

Additional escaping for myaccount templates

Thu, 27 Sep 2018 06:49:54 GMT

Official description: Auth screen escaping.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Adding permission levels for theme editing

Thu, 27 Sep 2018 06:49:54 GMT

Official description: Reduced permission levels for theme edition

This vulnerability affects the following application versions:

PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3
PrestaShop 1.7.3.4

Correctly sanitize posted attributes when JS is off

Mon, 01 Oct 2018 07:37:22 GMT

Sanitizes posted attributes when JS is off.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1914] Stored XSS in CMS page area

Mon, 01 Oct 2018 07:37:22 GMT

An administrator with limited privileges could create a page within the Content Management System (CMS) with an embedded cross-site scripting attack.

Part of patch SUPEE-10415

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6

[APPSEC-1325] Stored XSS in billing agreements

Mon, 01 Oct 2018 07:37:22 GMT

An administrator with limited privileges could create billing agreements with embedded cross-site scripting elements that could subsequently lead to a stored cross-site scripting attack.

Part of patch SUPEE-10415

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9

[APPSEC-1967] Password change session management

Mon, 01 Oct 2018 07:37:22 GMT

Magento did not previously terminate existing sessions when the currently logged-in user changed his or her password.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

Additional escaping for general metabox functions

Mon, 08 Oct 2018 06:46:06 GMT

Official description: When custom attributes are created, they are decoded. Make the values match correctly.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Additional escaping of admin importing components

Mon, 08 Oct 2018 06:46:06 GMT

Official description: PHPCS fixes for html-csv-import-mapping.php.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1830] PHP object Injection in product attributes leading to remote code execution

Mon, 08 Oct 2018 06:46:06 GMT

An administrator with limited privileges could insert injectable code in product attributes, potentially leading to arbitrary remote code execution.

Part of patch MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0

Wrong parameter verification, allowing redirection to arbitrary URL

Mon, 08 Oct 2018 06:46:06 GMT

Official description: A wrongly verified parameter allowed redirection to an external URL.

This vulnerability affects the following application versions:

PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5
PrestaShop 1.7.3.0
PrestaShop 1.7.3.0 beta 1
PrestaShop 1.7.3.0 RC 1
PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3
PrestaShop 1.7.3.4

Additional escaping for admin setting views

Tue, 09 Oct 2018 07:49:13 GMT

Official description: PHPCS fixes for html-admin-page-shipping-classes.php.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

Additional escaping for checkout templates

Thu, 11 Oct 2018 06:10:57 GMT

Official description: PHPCS fixes for template form-pay.php

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-1897] Fix WSDL based patching to work with SOAP V1

Thu, 11 Oct 2018 06:10:57 GMT

This had addressed an issue affecting a small number of customers to enable two prior patches to handle SOAP v1 interactions in WSDL.

Part of patch: 1.9.3.7, 1.14.3.7, SUPEE-10415

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6

[20181004] ACL Violation in com_users for the admin verification

Thu, 11 Oct 2018 14:51:35 GMT

In case that an attacker got access to the mail account of an user who could approve admin verifications in the registration process he could activate himself.

CVE-2018-17855

Part of security release: 3.8.13

This vulnerability affects the following application versions:

Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12

[20181005] CSRF hardening in com_installer

Thu, 11 Oct 2018 14:51:35 GMT

Added additional CSRF hardening in com_installer actions in the backend.

CVE-2018-17858

Part of security release: 3.8.13

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12

[20181001] Hardening com_contact contact form

Thu, 11 Oct 2018 14:51:35 GMT

Inadequate checks in com_contact could allowed mail submission in disabled forms.

CVE-2018-17859

Part of security release: 3.8.13

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12

[20181003] Access level violation in com_tags

Thu, 11 Oct 2018 14:51:35 GMT

Inadequate checks on the tags search fields could lead to an access level violation.

CVE-2018-17857

Part of security release: 3.8.13

This vulnerability affects the following application versions:

Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12

[20181002] Inadequate default access level for com_joomlaupdate

Thu, 11 Oct 2018 14:51:35 GMT

Joomla’s com_joomlaupdate allowed the execution of arbitrary code. The default ACL config enabled access of administrator-level users to access com_joomlaupdate and trigger a code execution.

CVE-2018-17856

Part of security release: 3.8.13

This vulnerability affects the following application versions:

Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12

Sanitize product id list in "product-function" to prevent XSS

Mon, 15 Oct 2018 07:46:38 GMT

Official description: GitHub: phpcs

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Sanitize variables in templates/cart to prevent XSS

Mon, 15 Oct 2018 07:46:38 GMT

Officiële description: Add names to nonces in template files.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Path field in advanced CSV importer was broken due to an esc_url call

Mon, 15 Oct 2018 07:46:38 GMT

This fix removes the incorrect esc_url() call and replaces it with wc_clean() instead.

This vulnerability affects the following application versions:

WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2

[APPSEC-1775] Stored Cross-Site scripting in email template bypass

Wed, 17 Oct 2018 06:17:22 GMT

A Magento administrator with limited privileges could insert malicious code in email templates.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Add new function to sanitize cost in shipping to prevent XSS

Wed, 17 Oct 2018 06:17:22 GMT

Official description: Flat rate: remove currency symbols.

This vulnerability affects the following application versions:

WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

[APPSEC-1630] Anonymous users can view upgrade progress updates

Wed, 17 Oct 2018 06:17:22 GMT

An anonymous user could visit an internal URL and see the status of a Magento upgrade.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Anonymous open redirect

Mon, 22 Oct 2018 07:27:24 GMT

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page.

Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

Part of security release SA-CORE-2018-006

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.6.0
Drupal 8.6.1

Content moderation

Mon, 22 Oct 2018 07:27:24 GMT

In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.

In order to fix this issue, the following changes have been made to content moderation which may have implications for backwards compatibility:

ModerationStateConstraintValidator
Two additional services have been injected into this service. Anyone subclassing this service must ensure these additional dependencies are passed to the constructor, if the constructor has been overridden.

StateTransitionValidationInterface
An additional method has been added to this interface. Implementations of this interface which do not extend the StateTransitionValidation should implement this method.

Implementations which do extend from the StateTransitionValidation should ensure any behavioural changes they have made are also reflected in this new method.

User permissions
Previously users who didn't have access to use any content moderation transitions were granted implicit access to update content provided the state of the content did not change. Now access to an associated transition will be validated for all users in scenarios where the state of content does not change between revisions.

This vulnerability affects the following application versions:

Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.6.0
Drupal 8.6.1

Contextual Links validation

Mon, 22 Oct 2018 07:27:24 GMT

The Contextual Links module didn't sufficiently validate the requested contextual links.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Part of Security release SA-CORE-2018-006.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.6.0
Drupal 8.6.1

External URL injection through URL aliases

Mon, 22 Oct 2018 07:27:24 GMT

In certain circumstances the user could enter a particular path that triggered an open redirect to a malicious URL.

While this issue was mitigated by the fact that the user needed the administer paths permission to exploit,
the path module has been patched to prevent malicious usage.

Part of security release SA-CORE-2018-006

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 7.59
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.6.0
Drupal 8.6.1

Injection in DefaultMailSystem::mail()

Mon, 22 Oct 2018 07:27:24 GMT

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

Part of security release SA-CORE-2018-006

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 7.59
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.6.0
Drupal 8.6.1

[APPSEC-1709] Customer email enumeration through frontend login

Wed, 24 Oct 2018 08:09:06 GMT

The account lockout mechanism could leak the Magento site's contact e-mail.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1588] Order item custom option disclosure

Wed, 24 Oct 2018 08:09:06 GMT

An attacker could craft a URL request on a Magento site during checkout and retrieve information about past orders.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11

[APPSEC-1495/1510/1535] Access control lists not checked properly in some pages

Mon, 29 Oct 2018 08:05:21 GMT

Combined patch, because the changes are the same.

[APPSEC-1495] Any user can interact with the sales order function despite not being authorized

[APPSEC-1510] Any admin user can upload favicon Icon

[APPSEC-1535] Access control lists not validated when using quick edit mode in tables

Part of patch 2.0.16, 2.1.9

This vulnerability affects the following application versions:

Magento 0.42.0-beta4
Magento 0.42.0-beta5
Magento 0.42.0-beta6
Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12

[APPSEC-1701] API token did not correctly expire

Mon, 29 Oct 2018 08:05:21 GMT

Customer and admin tokens did not expire correctly, which allowed for the potential re-use of a cookie by an attacker.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12

MIME type validation when uploading file via REST API's

Tue, 30 Oct 2018 08:58:01 GMT

Official description: Only allow image MIME type upload via REST APIs.

This vulnerability affects the following application versions:

WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3

[APPSEC-1567] Order history disclosure

Tue, 30 Oct 2018 08:58:01 GMT

If an anonymous attacker was given generic order information, he could generate a cookie collision and obtain order information.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Catalog ordering "orderby" var was vulnerable to XSS

Tue, 30 Oct 2018 08:58:01 GMT

Official description: Check query var for orderby.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4

Sanitize variables in the wc-auth file to prevent XSS

Tue, 30 Oct 2018 08:58:01 GMT

Official description: Fixed includes/class-wc-auth.php PHPCS violations.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Redirect not properly escaped when revoking REST API keys

Tue, 30 Oct 2018 08:58:01 GMT

Redirect url was not safely escaped.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3

Additional escaping in the includes/shortcode to prevent XSS

Wed, 31 Oct 2018 08:50:50 GMT

Official description: Fixed includes/shortcode PHPCS violations.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Billing and shipping address titles were not properly escaped for XSS

Wed, 31 Oct 2018 08:50:50 GMT

Both titles are now properly escaped and protected against XSS.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3

[APPSEC-1577] Stored XSS in integration activation

Thu, 01 Nov 2018 09:07:49 GMT

A Magento administrator could inject code in the integration activation.

Part of security patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Added missing escaping on product quick edit to avoid XSS

Thu, 01 Nov 2018 09:07:49 GMT

Better escaping on product quick edit.

This vulnerability affects the following application versions:

WooCommerce 3.0.0
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3

Added sanitation to attribut taxonomy to avoid XSS

Thu, 01 Nov 2018 09:07:49 GMT

Improvements to wc_create_attributes (DRI).

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4

[APPSEC-1755] Anti-CSRF form_key was not changed after login

Fri, 02 Nov 2018 10:52:18 GMT

The anti-CSRF form_key was not changed after a user logs in.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1769 ] Overwrite a relative path in sitemap

Fri, 02 Nov 2018 10:52:18 GMT

A Magento administrator with limited privileges could use the sitemap generation tool to arbitrarily overwrite sensitive files.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1673] Stored XSS using SVG images in favicon

Mon, 05 Nov 2018 08:02:59 GMT

A Magento administrator with limited privileges could add new SVG images that contain injected code.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1887] Arbitrary file disclose

Mon, 05 Nov 2018 08:02:59 GMT

A Magento administrator with limited privileges could exploit a vulnerability in the theme creation function to arbitrarily disclose and delete system files of a Magento installation.

Part of patch MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Several refund elements were vulnerable to XSS

Mon, 05 Nov 2018 08:02:59 GMT

Adding proper escaping for admin refund part to avoid XSS.

This vulnerability affects the following application versions:

WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4

Added a random-named directory to each uploaded file’s temporary file path

Mon, 05 Nov 2018 13:17:17 GMT

Temporary upload directories were not randomly named, and could potentially be guessed by an attacker. This enhancement introduced randomly named directories to the temporary upload file path, making it significantly more difficult to guess the temporary path.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9-beta

Allowed bypassing CAPTCHA validation when submitting form data

Mon, 05 Nov 2018 13:17:17 GMT

It was possible for a user to bypass CAPTCHA validation under certain circumstances while submitting form data. This was unintentional, and the bypass has been fixed.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1

Fixed some URL outputs that used esc_url_raw in places where esc_url should have been used

Mon, 05 Nov 2018 13:17:17 GMT

Certain sections of the codebase utilized the esc_url_raw() function where the esc_url() function should have been used instead. Potentially leading to unsanitized output.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8

Introduced wpcf7_build_query() to correctly apply urlencode to keys and values in URL queries

Mon, 05 Nov 2018 13:17:17 GMT

It was possible for certain key-value pairs found in URL queries to not be properly encoded. The introduction of the 'wpcf7_build_query()' function in this patch ensured that all key-value pairs would be properly URL encoded.

This vulnerability affects the following application versions:

Contact Form 7 3.3.1
Contact Form 7 3.3.2
Contact Form 7 3.3.3
Contact Form 7 3.4
Contact Form 7 3.4.1
Contact Form 7 3.4.2
Contact Form 7 3.5
Contact Form 7 3.5.1
Contact Form 7 3.5.2
Contact Form 7 3.5.3
Contact Form 7 3.5.4
Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1

Introduced WPCF7_Submission::sanitize_posted_data()

Mon, 05 Nov 2018 13:17:17 GMT

A new feature was introduced that allowed data submitted through a form to be sanitized as a whole. This consolidates and simplifies the process of data input sanitization as part of the data submission process.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3

Introduce WPCF7_ShortcodeManager::sanitize_tag_type()

Mon, 05 Nov 2018 13:17:17 GMT

A new feature was introduced that allows for tag types to be properly sanitized.

This vulnerability affects the following application versions:

Contact Form 7 3.5.1
Contact Form 7 3.5.2
Contact Form 7 3.5.3
Contact Form 7 3.5.4
Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3

Saved submitter’s contact info even when the submission was spam

Mon, 05 Nov 2018 13:17:17 GMT

If the Flamingo Plugin was installed alongside Contact Form 7 in order to save submitted forms to the database, then Flamingo would still save the data even when a submission was flagged as spam. With this change, spammy data is no longer saved to the database.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9-beta

Use wp_rand() instead of mt_rand() for CAPTCHA file name generation to make it harder for attackers to predict its next value

Mon, 05 Nov 2018 13:17:17 GMT

The CAPTCHA system made use of the internal PHP random function mt_rand() when determining which CAPTCHA to phrases to present. With this new improvement, the CAPTCHA system instead makes use of the WordPress-specific wp_rand() function, which utilizes different randomization algorithms, making the CAPTCHA system much harder to predict.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1-beta

Clear $phpmailer->AltBody to avoid unintended inheritance from previous wp_mail() calls

Mon, 05 Nov 2018 13:17:17 GMT

Since the wp_mail() function doesn't clear the $phpmailer->AltBody attribute and uses the same $phpmailer object repetitively, it is necessary to clear any data that may have been stored in the attribute from previous wp_mail() calls.

This vulnerability affects the following application versions:

Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2
Contact Form 7 4.5
Contact Form 7 4.5.1
Contact Form 7 4.6
Contact Form 7 4.6.1
Contact Form 7 4.7
Contact Form 7 4.8

Properly remove uploaded files with permissions issues on Windows / IIS servers

Mon, 05 Nov 2018 13:17:17 GMT

Due to the way some IIS-based servers check permissions on files and directories, it was possible for some uploaded files to not be removed properly under certain circumstances. This patch altered the way Contact Form 7 deletes uploaded files to account for those specific IIS-based configurations.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1.1
Contact Form 7 4.1.2
Contact Form 7 4.1-beta
Contact Form 7 4.2
Contact Form 7 4.2.1
Contact Form 7 4.2.2
Contact Form 7 4.2-beta
Contact Form 7 4.3
Contact Form 7 4.3.1
Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2

Sanitize contact form titles

Mon, 05 Nov 2018 13:17:17 GMT

The title attribute of contact forms were not being thoroughly sanitized. Additional filtering measures have been implemented in this patch.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1.1
Contact Form 7 4.1.2
Contact Form 7 4.1-beta
Contact Form 7 4.2
Contact Form 7 4.2.1
Contact Form 7 4.2.2
Contact Form 7 4.2-beta
Contact Form 7 4.3
Contact Form 7 4.3.1
Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2
Contact Form 7 4.5
Contact Form 7 4.5.1
Contact Form 7 4.6
Contact Form 7 4.6.1

HTML is not allowed in messages

Mon, 05 Nov 2018 13:17:17 GMT

In the messages tab in a contact form editor screen, messages could be created that Contact Form 7 displays in different situations. Allowing HTML in a message can be a security risk, and as such, only plain text is allowed. This patch forcibly strips all HTML tags and entities from these messages.

This vulnerability affects the following application versions:

Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1.1
Contact Form 7 4.1.2
Contact Form 7 4.1-beta
Contact Form 7 4.2
Contact Form 7 4.2.1
Contact Form 7 4.2.2
Contact Form 7 4.2-beta
Contact Form 7 4.3
Contact Form 7 4.3.1

Create_function() removed to avoid security risks

Mon, 05 Nov 2018 13:17:17 GMT

Avoid using create_function(). The create_function() has a security risk like eval() does, and PHP 7.2 will warn you if the function is used.

This vulnerability affects the following application versions:

Contact Form 7 3.5.3
Contact Form 7 3.5.4
Contact Form 7 3.6
Contact Form 7 3.7
Contact Form 7 3.7.1
Contact Form 7 3.7.2
Contact Form 7 3.8
Contact Form 7 3.8.1
Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1.1
Contact Form 7 4.1.2
Contact Form 7 4.1-beta
Contact Form 7 4.2
Contact Form 7 4.2.1
Contact Form 7 4.2.2
Contact Form 7 4.2-beta
Contact Form 7 4.3
Contact Form 7 4.3.1
Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2
Contact Form 7 4.5
Contact Form 7 4.5.1
Contact Form 7 4.6
Contact Form 7 4.6.1
Contact Form 7 4.7
Contact Form 7 4.8
Contact Form 7 4.8.1
Contact Form 7 4.9

Properly escape particular URL displayed inside the admin page

Mon, 05 Nov 2018 13:17:17 GMT

Inside the Admin Panel, an internal URL was not being properly escaped. This patch uses the esc_url() function to properly escape the URL.

This vulnerability affects the following application versions:

Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2
Contact Form 7 4.5
Contact Form 7 4.5.1
Contact Form 7 4.6
Contact Form 7 4.6.1
Contact Form 7 4.7
Contact Form 7 4.8
Contact Form 7 4.8.1
Contact Form 7 4.9
Contact Form 7 4.9.1
Contact Form 7 4.9.2
Contact Form 7 5.0
Contact Form 7 5.0.1
Contact Form 7 5.0.2
Contact Form 7 5.0.3

Specifies the capability_type argument explicitly in the register_post_type() call

Mon, 05 Nov 2018 13:17:17 GMT

A privilege escalation vulnerability had been closed by explicitly specifying the 'capability_type' argument in the register_post_type() function call.

This vulnerability affects the following application versions:

Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1.1
Contact Form 7 4.1.2
Contact Form 7 4.1-beta
Contact Form 7 4.2
Contact Form 7 4.2.1
Contact Form 7 4.2.2
Contact Form 7 4.2-beta
Contact Form 7 4.3
Contact Form 7 4.3.1
Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2
Contact Form 7 4.5
Contact Form 7 4.5.1
Contact Form 7 4.6
Contact Form 7 4.6.1
Contact Form 7 4.7
Contact Form 7 4.8
Contact Form 7 4.8.1
Contact Form 7 4.9
Contact Form 7 4.9.1
Contact Form 7 4.9.2
Contact Form 7 5.0
Contact Form 7 5.0.1
Contact Form 7 5.0.2
Contact Form 7 5.0.3

Sanitize error title admin section to prevent XSS

Tue, 06 Nov 2018 08:00:30 GMT

Sanitize error title admin section to prevent XSS

This vulnerability affects the following application versions:

WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1

Sanitize $handle in the admin log page to prevent XSS

Tue, 06 Nov 2018 08:00:30 GMT

Sanitize $handle in the admin log page to prevent XSS, and a check if the log file which is about to be deleted also really exists in the log directory.

This vulnerability affects the following application versions:

WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1

Sanitize file_url in the admin imports taxes page to prevent XSS

Wed, 07 Nov 2018 13:02:42 GMT

Official description: PHPCS fixes for includes/admin/importers directory.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

Ignore local file attachment when the file is out of WP_CONTENT_DIR

Wed, 07 Nov 2018 13:02:42 GMT

Prior to this patch, it was possible to attach a local file to a contact form upload under certain circumstances, even if the file was outside of the /wp-content/ directory. This patch updates the upload capabilities so it no longer possible to attach a local file that is outside of the /wp-content/ directory.

This vulnerability affects the following application versions:

Contact Form 7 3.9
Contact Form 7 3.9.1
Contact Form 7 3.9.2
Contact Form 7 3.9.3
Contact Form 7 3.9-beta
Contact Form 7 4.0
Contact Form 7 4.0.1
Contact Form 7 4.0.2
Contact Form 7 4.0.3
Contact Form 7 4.1
Contact Form 7 4.1.1
Contact Form 7 4.1.2
Contact Form 7 4.1-beta
Contact Form 7 4.2
Contact Form 7 4.2.1
Contact Form 7 4.2.2
Contact Form 7 4.2-beta
Contact Form 7 4.3
Contact Form 7 4.3.1
Contact Form 7 4.4
Contact Form 7 4.4.1
Contact Form 7 4.4.2
Contact Form 7 4.5
Contact Form 7 4.5.1
Contact Form 7 4.6
Contact Form 7 4.6.1
Contact Form 7 4.7
Contact Form 7 4.8
Contact Form 7 4.8.1
Contact Form 7 4.9
Contact Form 7 4.9.1
Contact Form 7 4.9.2
Contact Form 7 5.0
Contact Form 7 5.0.1
Contact Form 7 5.0.2
Contact Form 7 5.0.3

Allow shop managers to only manipulate customers through REST API

Thu, 08 Nov 2018 14:53:47 GMT

Via the Woocommerce API, it is permitted for the shopmanager to solely adjust the data of customers.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

[APPSEC-1800] Remote Code Execution vulnerability in CMS and layouts

Tue, 20 Nov 2018 14:11:18 GMT

A Magento administrator with limited privileges could introduce malicious code when creating a new CMS Page, which could result in arbitrary remote code execution.

Part of patch SUPEE-10266

This vulnerability affects the following application versions:

Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1896] Possible XSS in admin order view using order code label

Tue, 20 Nov 2018 14:11:18 GMT

A Magento administrator with limited privileges could insert executable code in the order view through the order code label.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Extra file type checking added

Tue, 20 Nov 2018 14:11:18 GMT

CSV Import function at administrator page extended with extra file type checking.

This vulnerability affects the following application versions:

WooCommerce 3.1.0
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5

Added exception for when a non-admin user tries to assign API keys to an admin

Tue, 20 Nov 2018 14:11:18 GMT

There's now a check to see if the current user has the permission to assign an API key.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

[APPSEC-1819] Customer login authenticates two different sessions

Tue, 20 Nov 2018 14:11:18 GMT

Magento had not correctly set concurrent sessions to expire. A customer could log out under the mistaken assumption that their sessions had expired, but later, an attacker could access the account through one of the unexpired sessions.

Part of patch: MAGENTO 2.0.16 AND 2.1.9 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

Specific webhooks are not allowed anymore

Tue, 20 Nov 2018 14:11:18 GMT

Topics such as login credentials and the path to the product CSV import file are blacklisted as callbacks.

This vulnerability affects the following application versions:

WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

[APPSEC-1929] Path traversal in image upload

Wed, 21 Nov 2018 08:58:05 GMT

An administrator with limited privileges could insert a file in the file system using the WYSIWYG image upload process.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1

[APPSEC-1986] Local file inclusion in import history

Wed, 21 Nov 2018 08:58:05 GMT

An administrator with limited privileges can delete critical system control files to subsequently gain privilege escalation through the Import History feature.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

[APPSEC-1972/APPSEC-2103] Admin password change did not force the logout of the admin user

Wed, 21 Nov 2018 08:58:05 GMT

Password changes initiated from the admin panel did not force a logout.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-2005] Persistent Cross-Site Scripting (XSS) injection in configuration table

Wed, 21 Nov 2018 08:58:05 GMT

A user with access to an admin account that includes ACL permissions to save the shipping methods section of the configuration table could insert cross-site scripting into the database that was subsequently output on every section of the `System > Configuration` table.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-1861] PHP Object Injection in product entries leading to remote code execution

Wed, 21 Nov 2018 08:58:05 GMT

An administrator with limited privileges could insert injectable code in promo fields, creating an opportunity for arbitrary remote code execution.

Part of patch MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12

[APPSEC-1973] Cross-site Scripting in newsletter template

Wed, 21 Nov 2018 08:58:05 GMT

An administrator with limited privileges could embed cross-site scripting elements in the newsletter template, which could potentially lead to a stored cross-site scripting attack.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.1
Magento 2.2.2

[APPSEC-1993] IP spoofing

Thu, 22 Nov 2018 11:55:14 GMT

A vulnerability was found that had permitted the IP spoofing of a client’s address, which allowed the potential bypassing of any security features that rely on identifying a client by their IP source.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-1935] Cross-site Scripting leading to Denial-of-Service

Tue, 27 Nov 2018 08:40:09 GMT

A user could insert script in their address field, which could potentially introduce a denial-of -service vulnerability. External reference: Fortiguard FG-VD-17-116.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

[APPSEC-1951] JavaScript execution in the administrator panel

Tue, 27 Nov 2018 08:40:09 GMT

A user could insert a script in storefront field that could lead to arbitrary JavaScript code execution in the context of the administrator panel.

Part of patch: 2.2.3, 2.1.12, 2.0.18

This vulnerability affects the following application versions:

Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1591] Stored XSS on product thumbnail

Tue, 27 Nov 2018 08:40:09 GMT

A Magento administrator with limited privileges could add new products that could contain a malicious script in the product's thumbnail.

Part of patch 2.0.16, 2.1.9

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8

[APPSEC-1882] The cron.php file could leak database credentials

Tue, 27 Nov 2018 08:40:09 GMT

The cron.php file could leak database credentials if it is not able to establish a connection to the database.

Part of Patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-1928] Stored XSS in Downloadable Product Links title - frontend

Tue, 27 Nov 2018 08:40:09 GMT

An administrator user with access to edit products could insert a malicious script into downloadable products. The malicious script could be triggered on the front-end and admin area.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

[APPSEC-2027] CSRF was possible against web sites, stores, and store views

Tue, 27 Nov 2018 08:40:09 GMT

Multiple CSRF vulnerabilities allowed for deleting websites, stores or store views.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

Introduces the file path check

Tue, 27 Nov 2018 08:40:09 GMT

Introduces wpcf7_is_file_path_in_content_dir() to support the use of the UPLOADS constant.

This vulnerability affects the following application versions:

Contact Form 7 4.7
Contact Form 7 4.8
Contact Form 7 4.8.1
Contact Form 7 4.9
Contact Form 7 4.9.1
Contact Form 7 4.9.2
Contact Form 7 5.0
Contact Form 7 5.0.1
Contact Form 7 5.0.2
Contact Form 7 5.0.3
Contact Form 7 5.0.4

[APPSEC-1998] Cross-site Scripting in product attributes

Wed, 28 Nov 2018 11:27:18 GMT

An administrator with limited privileges could embed cross-site scripting elements in product attributes, which could potentially lead to a cross-site scripting attack.

Part of patch MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

[APPSEC-1987] Reflective cross-site scripting (XSS) through filter manipulation

Thu, 06 Dec 2018 08:50:11 GMT

Arbitrary JavaScript could be triggered on the sales order page by manipulating one of the URL parameters.

Part of patch SUPEE-10752

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8

No proper escape at oauth start to avoid XSS

Thu, 06 Dec 2018 08:50:11 GMT

Text at Oauth start had not been properly escaped.

This vulnerability affects the following application versions:

WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

The shopmanager can only change the customer data

Thu, 06 Dec 2018 08:50:11 GMT

The user rights for the shop manager is changed, it allows the shop manager to change only the customer details in the user management page.

This vulnerability affects the following application versions:

WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5

Added escaping for select query and unserialize data only if it was serialized when using taxanomy

Mon, 10 Dec 2018 10:22:35 GMT

When updating product attributes the old taxonomy slug was not properly escaped. And it's now only unserializing data if data was serialized.

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5

Ability to create unauthorized posts types

Thu, 20 Dec 2018 09:18:52 GMT

Authors could create posts of unauthorized post types with specially crafted input.

Part of security release 5.0.1

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.8
WordPress 5.0
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3

Bypass MIME verification by specifically crafted files

Thu, 20 Dec 2018 09:18:52 GMT

Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

Part of security release 5.0.1

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.8
WordPress 5.0
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3

Object injection in metadata by contributors

Thu, 20 Dec 2018 09:18:52 GMT

Contributors could craft meta data in a way that could result in PHP object injection.

Part of security release 5.0.1

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.8
WordPress 5.0
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3

Possible indexed activation screen could lead to exposure of sensitive information

Thu, 20 Dec 2018 09:18:52 GMT

The user activation screen could be indexed by search engines in some uncommon configurations which could lead to exposure of email addresses, and in some rare cases, default generated passwords.

Part of security release 5.0.1

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.8
WordPress 5.0
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3

Check for permissions before allow edit REST API keys

Thu, 03 Jan 2019 07:43:13 GMT

Check for user role permissions before allow to edit or remove the REST API keys.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

Fix filemanager security breaches and extra file type check

Wed, 16 Jan 2019 09:24:34 GMT

Fix security breaches in TinyMCE filemanager plugin. Remove filemanager action image_size. Check mime type when uploading files. Fixed arbitrary image write/overwrite in Windows installation. Prevent image directory deletion.

This vulnerability affects the following application versions:

PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.10
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4
PrestaShop 1.6.1.5
PrestaShop 1.6.1.6
PrestaShop 1.6.1.7
PrestaShop 1.6.1.8
PrestaShop 1.6.1.9
PrestaShop 1.6.1.10
PrestaShop 1.6.1.11
PrestaShop 1.6.1.11 beta 1
PrestaShop 1.6.1.12
PrestaShop 1.6.1.13
PrestaShop 1.6.1.14
PrestaShop 1.6.1.15
PrestaShop 1.6.1.16
PrestaShop 1.6.1.17
PrestaShop 1.6.1.18
PrestaShop 1.6.1.19
PrestaShop 1.6.1.20
PrestaShop 1.6.1.21
PrestaShop 1.6.1.22
PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 alpha3
PrestaShop 1.7.0.0 alpha4
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1
PrestaShop 1.7.0.2
PrestaShop 1.7.0.3
PrestaShop 1.7.0.4
PrestaShop 1.7.0.5
PrestaShop 1.7.0.6
PrestaShop 1.7.1.0
PrestaShop 1.7.1.0 beta1
PrestaShop 1.7.1.1
PrestaShop 1.7.1.2
PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5
PrestaShop 1.7.3.0
PrestaShop 1.7.3.0 beta 1
PrestaShop 1.7.3.0 RC 1
PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3
PrestaShop 1.7.3.4
PrestaShop 1.7.4.0
PrestaShop 1.7.4.0 beta 1
PrestaShop 1.7.4.1
PrestaShop 1.7.4.2
PrestaShop 1.7.4.3
PHPFusion 8.00.19

Sanitation of post content in the API products to prevent XSS

Wed, 16 Jan 2019 09:24:34 GMT

Post content of the API products were not well sanitised and could result in an XSS attack.

This vulnerability affects the following application versions:

WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

[CVE-2019-6261] Stored XSS in com_contact

Wed, 16 Jan 2019 09:24:34 GMT

Inadequate escaping in com_contact leads to a stored XSS vulnerability.

Part of security release 3.9.2

This vulnerability affects the following application versions:

Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1

[CVE-2019-6262] Stored XSS issue in the Global Configuration help url

Wed, 16 Jan 2019 09:24:34 GMT

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Part of security release 3.9.2

This vulnerability affects the following application versions:

Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1

[CVE-2019-6263] Stored XSS issue in the Global Configuration textfilter settings

Wed, 16 Jan 2019 09:24:34 GMT

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Part of security release 3.9.2

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1

[CVE-2019-6264] Stored XSS in mod_banners

Wed, 16 Jan 2019 09:24:34 GMT

Inadequate escaping in mod_banners could lead to a stored XSS vulnerability.

Part of security release 3.9.2

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1

[SA-CORE-2019-002] Arbitrary PHP code execution

Fri, 18 Jan 2019 09:45:07 GMT

A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI.

Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability.

This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Part of security release SA-CORE-2019-002

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 7.59
Drupal 7.60
Drupal 7.61
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5

[APPSEC-1889] CSRF Protection Bypass

Wed, 30 Jan 2019 11:40:50 GMT

An administrator with limited privileges could craft a cross-site request to perform requests on behalf of another administrator.

Part of security update MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2

[APPSEC-1905] Cross-site Scripting in detailed rating

Wed, 30 Jan 2019 11:40:50 GMT

An administrator with limited privileges could have had inserted script into the detailed rating, which could potentially result in stored cross-site scripting that affects other administrators.

Part of security update MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.1
Magento 2.2.2

[APPSEC-1937] Information Exposure

Wed, 30 Jan 2019 11:40:50 GMT

Weak protection checking could potentially lead to privilege escalation or information disclosure.

Part of update MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1995] Cross-site Scripting in Downloadable Products - 2

Wed, 30 Jan 2019 11:40:50 GMT

An administrator with limited privileges could insert arbitrary code into product fields, which could potentially lead to a stored cross-site scripting attack.

Part of patch SUPEE-10570

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1901] Local file inclusion in customer view

Mon, 04 Feb 2019 09:11:53 GMT

An administrator with limited privileges could read arbitrary files from the file system.

Part of security update MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1272] No CSRF Protection in Order Printing

Mon, 04 Feb 2019 09:11:53 GMT

A user could craft a URL that forces another user to open the Print Order view.

Part of security update MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1906] Cross-site Scripting in System Configuration

Mon, 04 Feb 2019 09:11:53 GMT

An administrator with system configuration privileges had covertly added JavaScript to the Magento store front.

Part of security release MAGENTO 2.2.3, 2.1.12 AND 2.0.18 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2

[APPSEC-1936] Customer password recoverable from the database

Tue, 12 Feb 2019 09:58:52 GMT

Magento customer password recoverable from the database `sales_flat_quote` table. A malicious user could use a brute-force attack to recover the `global/secret/key` from the `app/etc/local.xml` file, upload a file, and then decrypt it.

Part of patch SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

Escaping API keys in the edit view to prevent XSS

Tue, 12 Feb 2019 09:58:52 GMT

Unescaped view of the API settings key could result in an XSS attack.

This vulnerability affects the following application versions:

WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2

[APPSEC-1730] Downloader did not force to use HTTPS

Tue, 12 Feb 2019 09:58:52 GMT

Downloader now will only use HTTPS connections.

Part of patch SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

[APPSEC-1933] Moxieplayer Redirect

Tue, 12 Feb 2019 09:58:52 GMT

A Moxieplayer redirect allowed an open redirect to any site in an exploitable manner.

Part of patch SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

Added escaping to the API to prevent XSS

Wed, 13 Feb 2019 08:33:26 GMT

Stored XSS vulnerability through the API which could be exploited by users with write-access API keys.

This vulnerability affects the following application versions:

WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1

Sanitisation in product import/export

Wed, 13 Feb 2019 08:33:26 GMT

The import and export were not properly sanitized.

This vulnerability affects the following application versions:

WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3

[CVE-2019-7744] Lack of URL filtering in various core components

Fri, 15 Feb 2019 09:45:51 GMT

Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2

[CVE-2019-7741] Stored XSS issue in the Global Configuration help url - 3

Fri, 15 Feb 2019 09:45:51 GMT

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2

[CVE-2019-7739] Additional warning in the Global Configuration textfilter settings

Fri, 15 Feb 2019 09:45:51 GMT

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.

This vulnerability affects the following application versions:

Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2

[CVE-2019-6262] Stored XSS issue in the Global Configuration help url - 2

Fri, 15 Feb 2019 09:45:51 GMT

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Part of security release 3.9.2

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5

Escaping of html tags in the email address to prevent XSS

Fri, 22 Feb 2019 09:41:07 GMT

Email Address was not properly escaped.

This vulnerability affects the following application versions:

WooCommerce 2.0.0
WooCommerce 2.0.0-RC1
WooCommerce 2.0.0-RC2
WooCommerce 2.0.0-RC3
WooCommerce 2.0.1
WooCommerce 2.0.2
WooCommerce 2.0.3
WooCommerce 2.0.4
WooCommerce 2.0.5
WooCommerce 2.0.6
WooCommerce 2.0.7
WooCommerce 2.0.8
WooCommerce 2.0.9
WooCommerce 2.0.10
WooCommerce 2.0.11
WooCommerce 2.0.12
WooCommerce 2.0.13
WooCommerce 2.0.14
WooCommerce 2.0.15
WooCommerce 2.0.16
WooCommerce 2.0.17
WooCommerce 2.0.18
WooCommerce 2.0.19
WooCommerce 2.0.20
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3

[SA-CORE-2019-003] Remote Code Execution

Fri, 22 Feb 2019 20:17:36 GMT

Some field types did not properly sanitize data from non-form sources. This could lead to arbitrary PHP code execution in some cases.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9

[SA-CORE-2019-003] Remote Code Execution - 2

Sat, 23 Feb 2019 14:10:02 GMT

Some field types did not properly sanitize data from non-form sources. This could lead to arbitrary PHP code execution in some cases.

Author's note: The vulnerability for "drupal/core/modules/hal/src/Normalizer/FieldItemNormalizer.php" might also be detected for versions higher than 8.6.9. This occurs because Drupal developers shipped a security fix in a separate file, but Patchman is only able to modify files (to Patch them), not create new ones on your system. As a result, our only option was to back-port the fix into an existing application file. Regrettably, the file which hosts the solution may also exist in later Drupal versions not affected by the vulnerability. If your application runs on Drupal 8.6.10 or above, and you see this detection, it does not necessarily imply a vulnerability, but neither will a subsequent Patch have any negative impact.

This vulnerability affects the following application versions:

Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3

Timing attack safe string comparison

Fri, 01 Mar 2019 14:11:18 GMT

Timing attack could happen while comparing two strings.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3

Improve comment content filtering

Thu, 14 Mar 2019 13:24:37 GMT

With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.

This vulnerability affects the following application versions:

WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.1
WordPress 3.7.2
WordPress 3.7.3
WordPress 3.7.4
WordPress 3.7.5
WordPress 3.7.6
WordPress 3.7.7
WordPress 3.7.8
WordPress 3.7.9
WordPress 3.7.10
WordPress 3.7.11
WordPress 3.7.12
WordPress 3.7.13
WordPress 3.7.14
WordPress 3.7.15
WordPress 3.7.16
WordPress 3.7.17
WordPress 3.7.18
WordPress 3.7.19
WordPress 3.7.20
WordPress 3.7.21
WordPress 3.7.22
WordPress 3.7.23
WordPress 3.7.24
WordPress 3.7.25
WordPress 3.7.26
WordPress 3.7.27
WordPress 3.7.28
WordPress 3.8
WordPress 3.8.1
WordPress 3.8.2
WordPress 3.8.3
WordPress 3.8.4
WordPress 3.8.5
WordPress 3.8.6
WordPress 3.8.7
WordPress 3.8.8
WordPress 3.8.9
WordPress 3.8.10
WordPress 3.8.11
WordPress 3.8.12
WordPress 3.8.13
WordPress 3.8.14
WordPress 3.8.15
WordPress 3.8.16
WordPress 3.8.17
WordPress 3.8.18
WordPress 3.8.19
WordPress 3.8.20
WordPress 3.8.21
WordPress 3.8.22
WordPress 3.8.23
WordPress 3.8.24
WordPress 3.8.25
WordPress 3.8.26
WordPress 3.8.27
WordPress 3.8.28
WordPress 3.9
WordPress 3.9.1
WordPress 3.9.2
WordPress 3.9.3
WordPress 3.9.4
WordPress 3.9.5
WordPress 3.9.6
WordPress 3.9.7
WordPress 3.9.8
WordPress 3.9.9
WordPress 3.9.10
WordPress 3.9.11
WordPress 3.9.12
WordPress 3.9.13
WordPress 3.9.14
WordPress 3.9.15
WordPress 3.9.16
WordPress 3.9.17
WordPress 3.9.18
WordPress 3.9.19
WordPress 3.9.20
WordPress 3.9.21
WordPress 3.9.22
WordPress 3.9.23
WordPress 3.9.24
WordPress 3.9.25
WordPress 3.9.26
WordPress 4.0
WordPress 4.0.1
WordPress 4.0.2
WordPress 4.0.3
WordPress 4.0.4
WordPress 4.0.5
WordPress 4.0.6
WordPress 4.0.7
WordPress 4.0.8
WordPress 4.0.9
WordPress 4.0.10
WordPress 4.0.11
WordPress 4.0.12
WordPress 4.0.13
WordPress 4.0.14
WordPress 4.0.15
WordPress 4.0.16
WordPress 4.0.17
WordPress 4.0.18
WordPress 4.0.19
WordPress 4.0.20
WordPress 4.0.21
WordPress 4.0.22
WordPress 4.0.23
WordPress 4.0.24
WordPress 4.0.25
WordPress 4.1
WordPress 4.1.1
WordPress 4.1.2
WordPress 4.1.3
WordPress 4.1.4
WordPress 4.1.5
WordPress 4.1.6
WordPress 4.1.7
WordPress 4.1.8
WordPress 4.1.9
WordPress 4.1.10
WordPress 4.1.11
WordPress 4.1.12
WordPress 4.1.13
WordPress 4.1.14
WordPress 4.1.15
WordPress 4.1.16
WordPress 4.1.17
WordPress 4.1.18
WordPress 4.1.19
WordPress 4.1.20
WordPress 4.1.21
WordPress 4.1.22
WordPress 4.1.23
WordPress 4.1.24
WordPress 4.1.25
WordPress 4.2
WordPress 4.2.1
WordPress 4.2.2
WordPress 4.2.3
WordPress 4.2.4
WordPress 4.2.5
WordPress 4.2.6
WordPress 4.2.7
WordPress 4.2.8
WordPress 4.2.9
WordPress 4.2.10
WordPress 4.2.11
WordPress 4.2.12
WordPress 4.2.13
WordPress 4.2.14
WordPress 4.2.15
WordPress 4.2.16
WordPress 4.2.17
WordPress 4.2.18
WordPress 4.2.19
WordPress 4.2.20
WordPress 4.2.21
WordPress 4.2.22
WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.3.18
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.4.17
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.5.16
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.6.13
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.7.12
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.8.8
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.8
WordPress 4.9.9
WordPress 5.0
WordPress 5.0.1
WordPress 5.0.2
WordPress 5.0.3
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3
WordPress 5.1

[20190301] XSS in com_config JSON handler

Fri, 15 Mar 2019 15:22:14 GMT

The JSON handler in com_config lacked input validation, leading to XSS vulnerability.

CVE-2019-9712

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3

[20190302] XSS in item_title layout

Fri, 15 Mar 2019 15:22:14 GMT

The item_title layout in edit views lacked escaping, leading to a XSS vulnerability.

CVE-2019-9711

This vulnerability affects the following application versions:

Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3

[20190303] XSS in media form field

Fri, 15 Mar 2019 15:22:14 GMT

The media form field lacked escaping, this could lead to a XSS vulnerability.

CVE-2019-9714

This vulnerability affects the following application versions:

Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3

[20190304] Missing ACL check in sample data plugins

Fri, 15 Mar 2019 15:22:14 GMT

The sample data plugins lacked ACL checks, and could allow unauthorized access.

CVE-2019-9713

This vulnerability affects the following application versions:

Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3

[APPSEC-2025] Arbitrary File Delete via Product Image

Mon, 18 Mar 2019 10:08:30 GMT

An administrator user could delete arbitrary files from the server by sending modified data to the WYSIWYG admin component.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4

[APPSEC-2048] SQL Injection through API

Thu, 21 Mar 2019 08:45:34 GMT

A authenticated API user could perform a SQL Injection by exploiting several API endpoints.

Part of security release MAGENTO 2.2.5 AND 2.1.14 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4

[APPSEC-2054] Remote Code Execution (RCE) via product import

Thu, 21 Mar 2019 08:45:34 GMT

Importing products were not properly sanitized that could expose to code execution.

Part of security release MAGENTO 2.2.5 AND 2.1.14 SECURITY UPDATE

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4

[SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem

Fri, 22 Mar 2019 16:24:52 GMT

Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability.

Part of security release SA-CORE-2019-004

This vulnerability affects the following application versions:

Drupal 6.0
Drupal 6.1
Drupal 6.2
Drupal 6.3
Drupal 6.4
Drupal 6.5
Drupal 6.6
Drupal 6.7
Drupal 6.8
Drupal 6.9
Drupal 6.10
Drupal 6.11
Drupal 6.12
Drupal 6.13
Drupal 6.14
Drupal 6.15
Drupal 6.16
Drupal 6.17
Drupal 6.18
Drupal 6.19
Drupal 6.20
Drupal 6.21
Drupal 6.22
Drupal 6.23
Drupal 6.24
Drupal 6.25
Drupal 6.26
Drupal 6.27
Drupal 6.28
Drupal 6.29
Drupal 6.30
Drupal 6.31
Drupal 6.32
Drupal 6.33
Drupal 6.34
Drupal 6.35
Drupal 6.36
Drupal 6.37
Drupal 6.38
Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 7.59
Drupal 7.60
Drupal 7.61
Drupal 7.62
Drupal 7.63
Drupal 7.64
Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12

[PRODSECBUG-2198] SQL Injection vulnerability through an unauthenticated user

Fri, 29 Mar 2019 15:41:29 GMT

An unauthenticated user could execute arbitrary code through an SQL injection vulnerability, which caused sensitive data leakage.

Part of update Magento 2.3.1, 2.2.8 and 2.1.17 Security Update

This vulnerability affects the following application versions:

Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.3.0

[APPSEC-2006] Admin Stored XSS via Enterprise Logging

Mon, 01 Apr 2019 09:40:03 GMT

The `Enterprise_Logging` extension logs requested data when save events were triggered on the website. This information was displayed to administrators with limited privileges that could view the audit log. Although these saved values were escaped before output, the keys were not, which made it possible to insert cross-site scripting (XSS) on this page.

Part of update Magento 2.2.6 and 2.1.15 Security Update

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5

[APPSEC-2045] PHP Files was possible tou uploade Via Custom Options

Mon, 01 Apr 2019 09:40:03 GMT

An attacker with limited admin privileges could create a new product (or update an existing product) to allow upload of PHP script via custom option, order that product (through the admin panel the total could be adjusted to $0.00) and uploaded an arbitrary PHP script as a custom option and then executed the PHP script via the browser to achieve RCE (again, in e.g. an nginx environment).

Part of update Magento 2.2.6 and 2.1.15 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5

[APPSEC-2092] CSRF on Changing of orders status

Mon, 01 Apr 2019 09:40:03 GMT

Cross site request forgery vulnerability that could change the status of orders. The attack was possible if an admin had the Add Secret Key to URLs disabled.

Part of update Magento 2.2.6 and 2.1.15 Security Update

This vulnerability affects the following application versions:

Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5

[APPSEC-1502/1802/1773/1853] Combined patch to improve security for customer registration through frontend - 2

Mon, 01 Apr 2019 09:40:03 GMT

APPSEC-1502: Stored XSS - Add new group in Attribute set name
APPSEC-1802: Customer registration through frontend did not have anti-CSRF protection
APPSEC-1773: Injection on Page leading to DoS
APPSEC-1853: CSRF + Stored Cross Site Scripting in newsletter template

Part of patch Magento 2.0.16 and 2.1.9 Security Update

Note:
It can be the case that you will receive a message that the files are patched for the 2 below shown files for versions "2.1.12, 2.1.11, 2.1.10, 2.1.9". As stated in this message the security fix is coming from 2.1.9. What we had to do is move code from a newly introduced file to "AbstractBlock.php". This is code wise the most logical place. It it turns out that the hashes of version range 2.1.12-2.1.5 is the same for "AbstractBlock.php". Therefor we automatically have to patch the entire range. This is currently due to the limitations of our system.

vendor/magento/framework/View/Element/AbstractBlock.php
vendor/magento/framework/Escaper.php

This vulnerability affects the following application versions:

Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12

[APPSEC-2027] Multiple CSRF (Website, Store, Store View deletion)

Mon, 01 Apr 2019 09:40:03 GMT

Multiple CSRF attack had occurred in the website, web stores and also in the view deletion options.

Part of update Magento 2.2.6 and 2.1.15 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5

[APPSEC-2059] CSRF Mass Deletion of Customers

Tue, 02 Apr 2019 07:59:46 GMT

Allowed a deletion of single or all store customers. When a POST request that performed the deletion of customers was switched to GET, the lack of form_key parameter that served as a CSRF token was completely ignored, allowing the request to be used in Cross-Site Request Forgery attacks.

Part of update Magento 2.2.6 and 2.1.15 Security Update

This vulnerability affects the following application versions:

Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.4
Magento 2.2.5

[20190402] Helpsites refresh endpoint were callable for unauthenticated users

Wed, 10 Apr 2019 14:51:13 GMT

The "refresh list of helpsites" endpoint of com_users lacked access checks, and allowed calls from unauthenticated users.

CVE-2019-10946

This vulnerability affects the following application versions:

Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4

Sanitize shipping method labels/titles - 3

Mon, 15 Apr 2019 09:18:47 GMT

wc_clean Sanitizes arrays recursively. And escaping for translated strings were added.

This vulnerability affects the following application versions:

WooCommerce 2.0.0
WooCommerce 2.0.0-RC2
WooCommerce 2.0.0-RC3
WooCommerce 2.0.1
WooCommerce 2.0.2
WooCommerce 2.0.3
WooCommerce 2.0.4
WooCommerce 2.0.5
WooCommerce 2.0.6
WooCommerce 2.0.7
WooCommerce 2.0.8
WooCommerce 2.0.9
WooCommerce 2.0.10
WooCommerce 2.0.11
WooCommerce 2.0.12
WooCommerce 2.0.13
WooCommerce 2.0.14
WooCommerce 2.0.15
WooCommerce 2.0.16
WooCommerce 2.0.17
WooCommerce 2.0.18
WooCommerce 2.0.19
WooCommerce 2.0.20
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13

[APPSEC-2047] Customer orders viewable on frontend by other customers

Wed, 17 Apr 2019 08:49:17 GMT

The blocks in the sales_order_print.xml layout in the Magento_Sales module had never been set to private or non-cacheable. Therefore, if the full-page cache had enabled, and a signed-in user visits the print order page. Any other signed in user could visit that url and see their detailed order information.

Part of update Magento 2.2.6 and 2.1.15 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5

[APPSEC-2058] CSRF Mass Deletion of Products

Wed, 17 Apr 2019 08:49:17 GMT

Allows a deletion of single or all store products. When a POST request that performs the deletion of products was switched to GET, the lack of form_key parameter that serves as a CSRF token was completely ignored, allowing the request to be used in Cross-Site Request Forgery attacks+

Part of Magento 2.1.15, 2.2.6

This vulnerability affects the following application versions:

Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5

Escaping fix for admin metaboxes viewing translation to prevent XSS - 2

Wed, 17 Apr 2019 08:49:17 GMT

Data escaped and validated.

Official description: Admin metaboxes views translation escaping fix.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6

[APPSEC-2061] Authenticated unauthorised data access via layout injection

Wed, 24 Apr 2019 07:38:59 GMT

An administrator with limited permissions was able to obtain information outside of his permissions.

Part of update SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

[APPSEC-2066] Admin to Admin XSS in Catalog Attribute Media Label

Wed, 24 Apr 2019 07:38:59 GMT

Administrator with limited permissions was able to use XSS attack on another administrator.

Part of update SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

At the admin notices page the GET variable was vulnerable to XSS

Mon, 29 Apr 2019 08:45:16 GMT

Official description: GitHub: Fixed PHPCS violations

This vulnerability affects the following application versions:

WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6

[APPSEC-2060] Overwrite all reviews

Mon, 29 Apr 2019 08:45:16 GMT

In specific configurations, it had been possible to overwrite reviews.

Part of update SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

[APPSEC-2067] Admin to admin XSS in configurable custom attribute label

Tue, 30 Apr 2019 07:45:31 GMT

Administrator with limited permissions was able to use XSS attack on another administrator.

Part of update SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

[APPSEC-1971] Reflective XSS against admin panel

Wed, 01 May 2019 08:42:19 GMT

Arbitrary JS could be triggered on the sales order grid page by manipulating one of the URL parameters.

Part of patch SUPEE-10888

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9

Yoast notification escape

Fri, 03 May 2019 11:13:45 GMT

The Yoast notification message type was not properly escaped against XSS attack.

This vulnerability affects the following application versions:

Yoast SEO 1.5.3
Yoast SEO 1.5.3.1
Yoast SEO 1.5.3.2
Yoast SEO 1.5.3.3
Yoast SEO 1.5.4
Yoast SEO 1.5.4.1
Yoast SEO 1.5.4.2
Yoast SEO 1.5.5
Yoast SEO 1.5.5.1
Yoast SEO 1.5.5.2
Yoast SEO 1.5.5.3
Yoast SEO 1.5.6
Yoast SEO 1.6
Yoast SEO 1.6.1
Yoast SEO 1.6.2
Yoast SEO 1.6.3
Yoast SEO 1.7
Yoast SEO 1.7.1

Validation of image attachment

Fri, 03 May 2019 11:13:45 GMT

Image attachment to the open graph was not properly validated.

This vulnerability affects the following application versions:

Yoast SEO 7.4

XSS in com_users ACL debug views

Thu, 09 May 2019 08:35:58 GMT

The debug views of com_users did not properly escape user supplied data, which leads to a potential XSS attack vector.

CVE-2019-11809

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5

Escaping of HTML chars to prevent XSS

Mon, 13 May 2019 08:11:46 GMT

Unescaped html chars could lead to a possible XSS attack.

This vulnerability affects the following application versions:

Yoast SEO 3.7.0
Yoast SEO 3.7.1
Yoast SEO 3.8
Yoast SEO 3.9
Yoast SEO 4.0
Yoast SEO 4.0.2
Yoast SEO 4.1
Yoast SEO 4.2
Yoast SEO 4.2.1
Yoast SEO 4.3
Yoast SEO 4.4
Yoast SEO 4.5
Yoast SEO 4.6
Yoast SEO 4.7
Yoast SEO 4.7.1
Yoast SEO 4.8
Yoast SEO 4.9
Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4
Yoast SEO 9.5

Escaping promo extension message to prevent XSS

Mon, 13 May 2019 08:11:46 GMT

The promo extension messages were not properly escaped which could result in an XSS attack.

This vulnerability affects the following application versions:

Yoast SEO 2.3
Yoast SEO 2.3.1
Yoast SEO 2.3.2
Yoast SEO 2.3.3
Yoast SEO 2.3.4
Yoast SEO 2.3.5
Yoast SEO 3.0
Yoast SEO 3.0.1
Yoast SEO 3.0.2
Yoast SEO 3.0.3
Yoast SEO 3.0.4
Yoast SEO 3.0.5
Yoast SEO 3.0.6
Yoast SEO 3.0.7
Yoast SEO 3.1
Yoast SEO 3.1.1
Yoast SEO 3.1.2
Yoast SEO 3.2
Yoast SEO 3.2.1
Yoast SEO 3.2.2
Yoast SEO 3.2.3
Yoast SEO 3.2.4
Yoast SEO 3.2.5
Yoast SEO 3.3.0
Yoast SEO 3.3.1
Yoast SEO 3.3.2
Yoast SEO 3.3.3
Yoast SEO 3.3.4
Yoast SEO 3.4
Yoast SEO 3.4.1
Yoast SEO 3.4.2
Yoast SEO 3.5
Yoast SEO 3.6
Yoast SEO 3.6.1
Yoast SEO 3.7.0
Yoast SEO 3.7.1
Yoast SEO 3.8
Yoast SEO 3.9
Yoast SEO 4.0
Yoast SEO 4.0.2
Yoast SEO 4.1
Yoast SEO 4.2
Yoast SEO 4.2.1
Yoast SEO 4.3
Yoast SEO 4.4
Yoast SEO 4.5
Yoast SEO 4.6
Yoast SEO 4.7
Yoast SEO 4.7.1
Yoast SEO 4.8
Yoast SEO 4.9
Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4
Yoast SEO 9.5

Escaping html chars to prevent XSS

Mon, 13 May 2019 08:11:46 GMT

Unescaped html chars at the frontend could result into an XSS attack.

This vulnerability affects the following application versions:

Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4
Yoast SEO 9.5

[ PRODSECBUG-2053 ] Vulnerability in Newsletter Template

Tue, 14 May 2019 09:11:24 GMT

Newsletter template settings had been vulnerable to cross-site scripting attacks.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15

[PRODSECBUG-2069] Vulnerability in Attribute Group Name

Tue, 14 May 2019 09:11:24 GMT

Reflected XSS could be inserted into an attribute group name in Admin > Stores > Attribute Set.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[PRODSECBUG-2113] Vulnerability in Customer Shopping Cart

Tue, 14 May 2019 09:11:24 GMT

The customer shopping cart and coupons had been vulnerable to cross-site scripting attacks.

Part of Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[PRODSECBUG-2148] Remote Code Execution and Arbitrary Move File

Tue, 14 May 2019 09:11:24 GMT

A vulnerability in the Admin import feature permitted a user to upload a file that they could subsequently use to remotely execute malicious code.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[PRODSECBUG-2156] Remote Code Execution through Unauthorized File Upload

Tue, 14 May 2019 09:11:24 GMT

A user could upload unauthorized files while uploading videos.

Part of Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

Add sanitation to Input variables in the bulk editor and ajax module to prevent XSS

Tue, 14 May 2019 09:11:24 GMT

Input variables in the bulk editor and ajax module were vulnerable to XSS.

This vulnerability affects the following application versions:

Yoast SEO 1.5.5
Yoast SEO 1.5.5.1
Yoast SEO 1.5.5.2
Yoast SEO 1.5.5.3
Yoast SEO 1.5.6
Yoast SEO 1.6
Yoast SEO 1.6.1
Yoast SEO 1.6.2
Yoast SEO 1.6.3
Yoast SEO 1.7
Yoast SEO 1.7.1
Yoast SEO 2.0
Yoast SEO 2.0.1
Yoast SEO 2.1
Yoast SEO 2.1.1
Yoast SEO 2.2
Yoast SEO 2.2.1
Yoast SEO 2.3
Yoast SEO 2.3.1
Yoast SEO 2.3.2
Yoast SEO 2.3.3
Yoast SEO 2.3.4
Yoast SEO 2.3.5
Yoast SEO 3.0
Yoast SEO 3.0.1
Yoast SEO 3.0.2
Yoast SEO 3.0.3
Yoast SEO 3.0.4
Yoast SEO 3.0.5
Yoast SEO 3.0.6
Yoast SEO 3.0.7
Yoast SEO 3.1
Yoast SEO 3.1.1
Yoast SEO 3.1.2
Yoast SEO 3.2
Yoast SEO 3.2.1
Yoast SEO 3.2.2
Yoast SEO 3.2.3
Yoast SEO 3.2.4
Yoast SEO 3.2.5
Yoast SEO 3.3.0
Yoast SEO 3.3.1
Yoast SEO 3.3.2
Yoast SEO 3.3.3
Yoast SEO 3.3.4
Yoast SEO 3.4
Yoast SEO 3.4.1
Yoast SEO 3.4.2
Yoast SEO 3.5
Yoast SEO 3.6
Yoast SEO 3.6.1
Yoast SEO 3.7.0
Yoast SEO 3.7.1
Yoast SEO 3.8
Yoast SEO 3.9
Yoast SEO 4.0
Yoast SEO 4.0.2
Yoast SEO 4.1
Yoast SEO 4.2
Yoast SEO 4.2.1
Yoast SEO 4.3
Yoast SEO 4.4
Yoast SEO 4.5
Yoast SEO 4.6
Yoast SEO 4.7
Yoast SEO 4.7.1
Yoast SEO 4.8
Yoast SEO 4.9
Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4
Yoast SEO 9.5

[PRODSECBUG-2136] Stored Cross-Site Scripting (XSS) in Admin

Tue, 14 May 2019 09:11:24 GMT

Multiple functions used to sanitize user input for cross-site scripting contexts could be bypassed.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[PRODSECBUG-2057] Remote Code Execution in Upload of Quote File

Thu, 16 May 2019 08:32:20 GMT

The upload settings for B2B quote files were vulnerable to remote code execution attacks.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 0.42.0-beta5
Magento 0.42.0-beta6
Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[PRODSECBUG-2151] Remote Code Execution through Path Traversal

Mon, 03 Jun 2019 14:26:51 GMT

Administrators with limited privileges could upload an unauthorized template using the path traversal capability. Although most forms had not authorized this type of upload, an attacker could create a product with a file custom options that accepts an unauthorized template file.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[ PRODSECBUG-2123 ] PHP Object Injection (POI) and Remote Code Execution (RCE) in the Admin

Mon, 03 Jun 2019 14:26:51 GMT

An administrator with access to Varnish configuration settings and the design configuration could trigger remote code execution through PHP object instantiation.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 0.42.0-beta4
Magento 0.42.0-beta5
Magento 0.42.0-beta6
Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

[MAGETWO-91785] Vulnerability within Return Order Requests

Mon, 03 Jun 2019 14:26:51 GMT

Return merchandise authorizations (RMA) was vulnerable to cross-site request forgeries.

Part of Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

Object Injection in the CMS module to arbitrary file deletion

Mon, 03 Jun 2019 14:26:51 GMT

Through the wysiwyg of the CMS module an authenticated user could delete the .htaccess file.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

Adding escape to customer error display to avoid XSS

Tue, 04 Jun 2019 08:35:55 GMT

Customer error display was not properly sanitized this could result in an XSS attack.

This vulnerability affects the following application versions:

WooCommerce 3.2.0
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4

Adding escaping to image gallery to avoid XSS

Wed, 05 Jun 2019 07:00:00 GMT

Image gallery function was not escaped against an XSS attack.

This vulnerability affects the following application versions:

WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4

Added escaping to the templates to avoid XSS

Tue, 11 Jun 2019 07:58:16 GMT

The admin templates were not properly sanitized which could result in an XSS attack.

This vulnerability affects the following application versions:

PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4
PrestaShop 1.6.1.5
PrestaShop 1.6.1.6
PrestaShop 1.6.1.7
PrestaShop 1.6.1.8
PrestaShop 1.6.1.9
PrestaShop 1.6.1.10
PrestaShop 1.6.1.11
PrestaShop 1.6.1.11 beta 1
PrestaShop 1.6.1.12
PrestaShop 1.6.1.13
PrestaShop 1.6.1.14
PrestaShop 1.6.1.15
PrestaShop 1.6.1.16
PrestaShop 1.6.1.17
PrestaShop 1.6.1.18
PrestaShop 1.6.1.19
PrestaShop 1.6.1.20
PrestaShop 1.6.1.21
PrestaShop 1.6.1.22
PrestaShop 1.6.1.23
PrestaShop 1.6.1.24
PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1
PrestaShop 1.7.0.2
PrestaShop 1.7.0.3
PrestaShop 1.7.0.4
PrestaShop 1.7.0.5
PrestaShop 1.7.0.6
PrestaShop 1.7.1.0
PrestaShop 1.7.1.0 beta1
PrestaShop 1.7.1.1
PrestaShop 1.7.1.2
PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5
PrestaShop 1.7.3.0
PrestaShop 1.7.3.0 beta 1
PrestaShop 1.7.3.0 RC 1
PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3
PrestaShop 1.7.3.4
PrestaShop 1.7.4.0
PrestaShop 1.7.4.0 beta 1
PrestaShop 1.7.4.1
PrestaShop 1.7.4.2
PrestaShop 1.7.4.3
PrestaShop 1.7.4.4
PrestaShop 1.7.5.0 beta 1

Adding escaping to the value of XML safe to prevent XSS

Tue, 11 Jun 2019 07:58:16 GMT

The XML safe was not properly escaped this could result in an XSS attack.

This vulnerability affects the following application versions:

All in One SEO Pack 2.10
All in One SEO Pack 2.10.1

Added escaping for image attributes to avoid XSS

Tue, 11 Jun 2019 07:58:16 GMT

Image attributes were not properly escaped this could result in an XSS attack.

This vulnerability affects the following application versions:

All in One SEO Pack 2.3.9
All in One SEO Pack 2.3.9.1
All in One SEO Pack 2.3.9.2
All in One SEO Pack 2.3.10
All in One SEO Pack 2.3.10.1
All in One SEO Pack 2.3.10.2
All in One SEO Pack 2.3.11
All in One SEO Pack 2.3.11.1
All in One SEO Pack 2.3.11.2
All in One SEO Pack 2.3.11.3
All in One SEO Pack 2.3.11.4
All in One SEO Pack 2.3.12
All in One SEO Pack 2.3.12.1
All in One SEO Pack 2.3.12.2
All in One SEO Pack 2.3.12.2.1
All in One SEO Pack 2.3.12.3
All in One SEO Pack 2.3.12.4
All in One SEO Pack 2.3.12.5
All in One SEO Pack 2.3.13
All in One SEO Pack 2.3.13.1
All in One SEO Pack 2.3.13.2
All in One SEO Pack 2.3.14
All in One SEO Pack 2.3.14.1
All in One SEO Pack 2.3.14.2
All in One SEO Pack 2.3.15
All in One SEO Pack 2.3.15.1
All in One SEO Pack 2.3.15.2
All in One SEO Pack 2.3.15.3
All in One SEO Pack 2.3.16
All in One SEO Pack 2.4
All in One SEO Pack 2.4.1
All in One SEO Pack 2.4.1.1
All in One SEO Pack 2.4.2
All in One SEO Pack 2.4.2.1
All in One SEO Pack 2.4.3
All in One SEO Pack 2.4.3.1
All in One SEO Pack 2.4.4
All in One SEO Pack 2.4.4.1
All in One SEO Pack 2.4.5
All in One SEO Pack 2.4.5.1
All in One SEO Pack 2.4.6
All in One SEO Pack 2.4.6.1
All in One SEO Pack 2.5
All in One SEO Pack 2.6.1
All in One SEO Pack 2.7.2
All in One SEO Pack 2.7.3
All in One SEO Pack 2.8
All in One SEO Pack 2.9
All in One SEO Pack 2.9.1
All in One SEO Pack 2.9.1.1

[20190601] CSV injection in com_actionlogs

Wed, 12 Jun 2019 13:29:44 GMT

The CSV export of com_actionslogs was vulnerable to CSV injection.

This vulnerability affects the following application versions:

Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6

Escaping added to the sharing sources to avoid XSS

Wed, 19 Jun 2019 06:45:38 GMT

The sources at the sharedaddy were not properly escaped against an XSS attack.

This vulnerability affects the following application versions:

Jetpack 2.7
Jetpack 2.7.3
Jetpack 2.7.4
Jetpack 2.7.5
Jetpack 2.8
Jetpack 2.8.3
Jetpack 2.8.4
Jetpack 2.8.5
Jetpack 2.8b1
Jetpack 2.9
Jetpack 2.9.1
Jetpack 2.9.1b1
Jetpack 2.9.2
Jetpack 2.9.3
Jetpack 2.9.4
Jetpack 2.9.5
Jetpack 2.9.6
Jetpack 2.9b1
Jetpack 2.9b2
Jetpack 2.9b3
Jetpack 2.9b4
Jetpack 3.0.1
Jetpack 3.0.2
Jetpack 3.0.2b1
Jetpack 3.0.2b2
Jetpack 3.0.4
Jetpack 3.0.5
Jetpack 3.0.6
Jetpack 3.1
Jetpack 3.1.1
Jetpack 3.1.3
Jetpack 3.1.4
Jetpack 3.1.5
Jetpack 3.2
Jetpack 3.2.1
Jetpack 3.2.3
Jetpack 3.2.4
Jetpack 3.2.5
Jetpack 3.3.1
Jetpack 3.3.2
Jetpack 3.3.4
Jetpack 3.3.5
Jetpack 3.3.6
Jetpack 3.4
Jetpack 3.4.1
Jetpack 3.4.2
Jetpack 3.4.3
Jetpack 3.4.4
Jetpack 3.4.5
Jetpack 3.4.6
Jetpack 3.5.1
Jetpack 3.5.2
Jetpack 3.5.3
Jetpack 3.5.4
Jetpack 3.5.5
Jetpack 3.5.6
Jetpack 3.6
Jetpack 3.6.1
Jetpack 3.6.2
Jetpack 3.6.3
Jetpack 3.6.4
Jetpack 3.7.1
Jetpack 3.7.2
Jetpack 3.7.3
Jetpack 3.7.4
Jetpack 3.7.5
Jetpack 3.8.2
Jetpack 3.8.3
Jetpack 3.8.4
Jetpack 3.8.5
Jetpack 3.9.0
Jetpack 3.9.1
Jetpack 3.9.10
Jetpack 3.9.2
Jetpack 3.9.3
Jetpack 3.9.4
Jetpack 3.9.5
Jetpack 3.9.6
Jetpack 3.9.7
Jetpack 3.9.8
Jetpack 3.9.9
Jetpack 4.0.0
Jetpack 4.0.1
Jetpack 4.0.2
Jetpack 4.0.3
Jetpack 4.0.4
Jetpack 4.0.5
Jetpack 4.0.6
Jetpack 4.0.7
Jetpack 4.1.0
Jetpack 4.1.1
Jetpack 4.1.2
Jetpack 4.1.3
Jetpack 4.1.4
Jetpack 4.2
Jetpack 4.2.0
Jetpack 4.2.1
Jetpack 4.2.2
Jetpack 4.2.3
Jetpack 4.2.4
Jetpack 4.2.5
Jetpack 4.3
Jetpack 4.3.0
Jetpack 4.3.1
Jetpack 4.3.2
Jetpack 4.3.3
Jetpack 4.3.4
Jetpack 4.3.5
Jetpack 4.4
Jetpack 4.4.1
Jetpack 4.4.2
Jetpack 4.4.3
Jetpack 4.4.4
Jetpack 4.4.5
Jetpack 4.5
Jetpack 4.5.1
Jetpack 4.5.2
Jetpack 4.5.3
Jetpack 4.6
Jetpack 4.6.1
Jetpack 4.6.2
Jetpack 4.6.3
Jetpack 4.7
Jetpack 4.7.1
Jetpack 4.7.2
Jetpack 4.7.3
Jetpack 4.7.4
Jetpack 4.8
Jetpack 4.8.1
Jetpack 4.8.2
Jetpack 4.8.3
Jetpack 4.8.4
Jetpack 4.8.5
Jetpack 4.9
Jetpack 4.9.1
Jetpack 4.9.2
Jetpack 4.9.3
Jetpack 4.9-pressable
Jetpack 5.0
Jetpack 5.0.1
Jetpack 5.0.2
Jetpack 5.0.3
Jetpack 5.1
Jetpack 5.1.1
Jetpack 5.1.2
Jetpack 5.1.3
Jetpack 5.1.4
Jetpack 5.2
Jetpack 5.2.1
Jetpack 5.2.2
Jetpack 5.2.3
Jetpack 5.2.4
Jetpack 5.2.5
Jetpack 5.3
Jetpack 5.3.1
Jetpack 5.3.2
Jetpack 5.3.3
Jetpack 5.3.4
Jetpack 5.4
Jetpack 5.4.1
Jetpack 5.4.2
Jetpack 5.4.3
Jetpack 5.4.4
Jetpack 5.5
Jetpack 5.5.1
Jetpack 5.5.2
Jetpack 5.5.3
Jetpack 5.5.4
Jetpack 5.5.5
Jetpack 5.5-pressable
Jetpack 5.6
Jetpack 5.6.1
Jetpack 5.6.2
Jetpack 5.6.3
Jetpack 5.6.4
Jetpack 5.6.5
Jetpack 5.6-pressable-rewind
Jetpack 5.7
Jetpack 5.7.1
Jetpack 5.7.2
Jetpack 5.7.3
Jetpack 5.7.4
Jetpack 5.7.5
Jetpack 5.8
Jetpack 5.8.1
Jetpack 5.8.2
Jetpack 5.8.3
Jetpack 5.8.4
Jetpack 5.9
Jetpack 5.9.1
Jetpack 5.9.2
Jetpack 5.9.3
Jetpack 5.9.4
Jetpack 6.0
Jetpack 6.0.1
Jetpack 6.0.2
Jetpack 6.0.3
Jetpack 6.0.4
Jetpack 6.1
Jetpack 6.1.1
Jetpack 6.1.2
Jetpack 6.1.3
Jetpack 6.1.4
Jetpack 6.1.5
Jetpack 6.2
Jetpack 6.2.1
Jetpack 6.2.2
Jetpack 6.2.3
Jetpack 6.2.4
Jetpack 6.2.5
Jetpack 6.3
Jetpack 6.3.1
Jetpack 6.3.2
Jetpack 6.3.3
Jetpack 6.3.4
Jetpack 6.3.5
Jetpack 6.3.6
Jetpack 6.3.7
Jetpack 6.4
Jetpack 6.4.1
Jetpack 6.4.2
Jetpack 6.4.3
Jetpack 6.4.4
Jetpack 6.4.5
Jetpack 6.4.6
Jetpack 6.5
Jetpack 6.5.1
Jetpack 6.5.2
Jetpack 6.5.3
Jetpack 6.5.4
Jetpack 6.5-pressable
Jetpack 6.5-pressable2
Jetpack 6.5-pressable3
Jetpack 6.6
Jetpack 6.6.1
Jetpack 6.6.1-pressable
Jetpack 6.6.2
Jetpack 6.6.3
Jetpack 6.6.4
Jetpack 6.6.5
Jetpack 6.6-beta
Jetpack 6.6-beta2
Jetpack 6.7
Jetpack 6.7.1
Jetpack 6.7.1-beta
Jetpack 6.7.2
Jetpack 6.7.3
Jetpack 6.7.4
Jetpack 6.7-beta
Jetpack 6.7-beta2
Jetpack 6.8
Jetpack 6.8.1
Jetpack 6.8.2
Jetpack 6.8.3
Jetpack 6.8.4
Jetpack 6.8.5
Jetpack 6.8-beta
Jetpack 6.8-beta2
Jetpack 6.8-beta3
Jetpack 6.8-beta4
Jetpack 6.8-pressable
Jetpack 6.9
Jetpack 6.9.1
Jetpack 6.9.2
Jetpack 6.9.3
Jetpack 6.9.4
Jetpack 6.9-beta
Jetpack 6.9-beta2

Escaping of the publicize user interface to avoid XSS

Mon, 24 Jun 2019 07:15:08 GMT

The UI of the publicize module was not properly escaped against XSS attack.

This vulnerability affects the following application versions:

Jetpack 2.7
Jetpack 2.7.3
Jetpack 2.7.4
Jetpack 2.7.5
Jetpack 2.8
Jetpack 2.8.3
Jetpack 2.8.4
Jetpack 2.8.5
Jetpack 2.8b1
Jetpack 2.9
Jetpack 2.9.1
Jetpack 2.9.1b1
Jetpack 2.9.2
Jetpack 2.9.3
Jetpack 2.9.4
Jetpack 2.9.5
Jetpack 2.9.6
Jetpack 2.9b1
Jetpack 2.9b2
Jetpack 2.9b3
Jetpack 2.9b4
Jetpack 3.0
Jetpack 3.0.1
Jetpack 3.0.2
Jetpack 3.0.2b1
Jetpack 3.0.2b2
Jetpack 3.0.4
Jetpack 3.0.5
Jetpack 3.0.6
Jetpack 3.1
Jetpack 3.1.1
Jetpack 3.1.3
Jetpack 3.1.4
Jetpack 3.1.5
Jetpack 3.2
Jetpack 3.2.1
Jetpack 3.2.3
Jetpack 3.2.4
Jetpack 3.2.5
Jetpack 3.3
Jetpack 3.3.1
Jetpack 3.3.2
Jetpack 3.3.4
Jetpack 3.3.5
Jetpack 3.3.6
Jetpack 3.4
Jetpack 3.4.1
Jetpack 3.4.2
Jetpack 3.4.3
Jetpack 3.4.4
Jetpack 3.4.5
Jetpack 3.4.6
Jetpack 3.5
Jetpack 3.5.1
Jetpack 3.5.2
Jetpack 3.5.3
Jetpack 3.5.4
Jetpack 3.5.5
Jetpack 3.5.6
Jetpack 3.6
Jetpack 3.6.1
Jetpack 3.6.2
Jetpack 3.6.3
Jetpack 3.6.4
Jetpack 3.7
Jetpack 3.7.1
Jetpack 3.7.2
Jetpack 3.7.3
Jetpack 3.7.4
Jetpack 3.7.5
Jetpack 3.8.0
Jetpack 3.8.1
Jetpack 3.8.2
Jetpack 3.8.3
Jetpack 3.8.4
Jetpack 3.8.5
Jetpack 3.9.0
Jetpack 3.9.1
Jetpack 3.9.10
Jetpack 3.9.2
Jetpack 3.9.3
Jetpack 3.9.4
Jetpack 3.9.5
Jetpack 3.9.6
Jetpack 3.9.7
Jetpack 3.9.8
Jetpack 3.9.9
Jetpack 4.0.0
Jetpack 4.0.1
Jetpack 4.0.2
Jetpack 4.0.3
Jetpack 4.0.4
Jetpack 4.0.5
Jetpack 4.0.6
Jetpack 4.0.7
Jetpack 4.1.0
Jetpack 4.1.1
Jetpack 4.1.2
Jetpack 4.1.3
Jetpack 4.1.4
Jetpack 4.2
Jetpack 4.2.0
Jetpack 4.2.1
Jetpack 4.2.2
Jetpack 4.2.3
Jetpack 4.2.4
Jetpack 4.2.5
Jetpack 4.3
Jetpack 4.3.0
Jetpack 4.3.1
Jetpack 4.3.2
Jetpack 4.3.3
Jetpack 4.3.4
Jetpack 4.3.5
Jetpack 4.4
Jetpack 4.4.1
Jetpack 4.4.2
Jetpack 4.4.3
Jetpack 4.4.4
Jetpack 4.4.5
Jetpack 4.5
Jetpack 4.5.1
Jetpack 4.5.2
Jetpack 4.5.3
Jetpack 4.6
Jetpack 4.6.1
Jetpack 4.6.2
Jetpack 4.6.3
Jetpack 4.7
Jetpack 4.7.1
Jetpack 4.7.2
Jetpack 4.7.3
Jetpack 4.7.4
Jetpack 4.8
Jetpack 4.8.1
Jetpack 4.8.2
Jetpack 4.8.3
Jetpack 4.8.4
Jetpack 4.8.5
Jetpack 4.9
Jetpack 4.9.1
Jetpack 4.9.2
Jetpack 4.9.3
Jetpack 4.9-pressable
Jetpack 5.0
Jetpack 5.0.1
Jetpack 5.0.2
Jetpack 5.0.3
Jetpack 5.1
Jetpack 5.1.1
Jetpack 5.1.2
Jetpack 5.1.3
Jetpack 5.1.4
Jetpack 5.2
Jetpack 5.2.1
Jetpack 5.2.2
Jetpack 5.2.3
Jetpack 5.2.4
Jetpack 5.2.5
Jetpack 5.3
Jetpack 5.3.1
Jetpack 5.3.2
Jetpack 5.3.3
Jetpack 5.3.4
Jetpack 5.4
Jetpack 5.4.1
Jetpack 5.4.2
Jetpack 5.4.3
Jetpack 5.4.4
Jetpack 5.5
Jetpack 5.5.1
Jetpack 5.5.2
Jetpack 5.5.3
Jetpack 5.5.4
Jetpack 5.5.5
Jetpack 5.5-pressable
Jetpack 5.6
Jetpack 5.6.1
Jetpack 5.6.2
Jetpack 5.6.3
Jetpack 5.6.4
Jetpack 5.6.5
Jetpack 5.6-pressable-rewind
Jetpack 5.7
Jetpack 5.7.1
Jetpack 5.7.2
Jetpack 5.7.3
Jetpack 5.7.4
Jetpack 5.7.5
Jetpack 5.8
Jetpack 5.8.1
Jetpack 5.8.2
Jetpack 5.8.3
Jetpack 5.8.4
Jetpack 5.9
Jetpack 5.9.1
Jetpack 5.9.2
Jetpack 5.9.3
Jetpack 5.9.4
Jetpack 6.0
Jetpack 6.0.1
Jetpack 6.0.2
Jetpack 6.0.3
Jetpack 6.0.4
Jetpack 6.1
Jetpack 6.1.1
Jetpack 6.1.2
Jetpack 6.1.3
Jetpack 6.1.4
Jetpack 6.1.5
Jetpack 6.2
Jetpack 6.2.1
Jetpack 6.2.2
Jetpack 6.2.3
Jetpack 6.2.4
Jetpack 6.2.5
Jetpack 6.3
Jetpack 6.3.1
Jetpack 6.3.2
Jetpack 6.3.3
Jetpack 6.3.4
Jetpack 6.3.5
Jetpack 6.3.6
Jetpack 6.3.7
Jetpack 6.4
Jetpack 6.4.1
Jetpack 6.4.2
Jetpack 6.4.3
Jetpack 6.4.4
Jetpack 6.4.5
Jetpack 6.4.6
Jetpack 6.5
Jetpack 6.5.1
Jetpack 6.5.2
Jetpack 6.5.3
Jetpack 6.5.4
Jetpack 6.5-pressable
Jetpack 6.5-pressable2
Jetpack 6.5-pressable3
Jetpack 6.6
Jetpack 6.6.1
Jetpack 6.6.1-pressable
Jetpack 6.6.2
Jetpack 6.6.3
Jetpack 6.6.4
Jetpack 6.6.5
Jetpack 6.6-beta
Jetpack 6.6-beta2
Jetpack 6.7
Jetpack 6.7.1
Jetpack 6.7.1-beta
Jetpack 6.7.2
Jetpack 6.7.3
Jetpack 6.7.4
Jetpack 6.7-beta
Jetpack 6.7-beta2
Jetpack 6.8
Jetpack 6.8.1
Jetpack 6.8.2
Jetpack 6.8.3
Jetpack 6.8.4
Jetpack 6.8.5
Jetpack 6.8-beta
Jetpack 6.8-beta2
Jetpack 6.8-beta3
Jetpack 6.8-beta4
Jetpack 6.8-pressable
Jetpack 6.9
Jetpack 6.9.1
Jetpack 6.9.2
Jetpack 6.9.3
Jetpack 6.9.4
Jetpack 6.9-beta
Jetpack 6.9-beta2
Jetpack 7.0
Jetpack 7.0-beta
Jetpack 7.0-beta2

Sitemap sanitation added to avoid XSS

Mon, 24 Jun 2019 07:15:08 GMT

The sitemap request server was not properly sanitized against XSS.

This vulnerability affects the following application versions:

Yoast SEO 2.2
Yoast SEO 2.2.1
Yoast SEO 2.3
Yoast SEO 2.3.1
Yoast SEO 2.3.2
Yoast SEO 2.3.3
Yoast SEO 2.3.4
Yoast SEO 2.3.5
Yoast SEO 3.0
Yoast SEO 3.0.1
Yoast SEO 3.0.2
Yoast SEO 3.0.3
Yoast SEO 3.0.4
Yoast SEO 3.0.5
Yoast SEO 3.0.6
Yoast SEO 3.0.7
Yoast SEO 3.1
Yoast SEO 3.1.1
Yoast SEO 3.1.2
Yoast SEO 3.2
Yoast SEO 3.2.1
Yoast SEO 3.2.2
Yoast SEO 3.2.3
Yoast SEO 3.2.4
Yoast SEO 3.2.5
Yoast SEO 3.3.0
Yoast SEO 3.3.1
Yoast SEO 3.3.2
Yoast SEO 3.3.3
Yoast SEO 3.3.4
Yoast SEO 3.4
Yoast SEO 3.4.1
Yoast SEO 3.4.2
Yoast SEO 3.5
Yoast SEO 3.6
Yoast SEO 3.6.1
Yoast SEO 3.7.0
Yoast SEO 3.7.1
Yoast SEO 3.8
Yoast SEO 3.9
Yoast SEO 4.0
Yoast SEO 4.0.2
Yoast SEO 4.1
Yoast SEO 4.2
Yoast SEO 4.2.1
Yoast SEO 4.3
Yoast SEO 4.4
Yoast SEO 4.5
Yoast SEO 4.6
Yoast SEO 4.7
Yoast SEO 4.7.1
Yoast SEO 4.8
Yoast SEO 4.9
Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4

[ PRODSECBUG-2125 ] CSRF on deletion of Blocks Vulnerability

Tue, 25 Jun 2019 06:26:02 GMT

Prevents a cross site request forgery vulnerability which could delete all Blocks at once

Part of update SUPEE-10975

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9
Magento 1.9.3.10

Escaping added to shortcodes module to prevent XSS

Tue, 25 Jun 2019 06:26:02 GMT

The shortcodes module was not properly sanitized against an XSS attack.

This vulnerability affects the following application versions:

Jetpack 2.8
Jetpack 2.8b1
Jetpack 2.9
Jetpack 2.9.1
Jetpack 2.9.1b1
Jetpack 2.9.2
Jetpack 2.9.3
Jetpack 2.9b1
Jetpack 2.9b2
Jetpack 2.9b3
Jetpack 2.9b4
Jetpack 3.0
Jetpack 3.0.1
Jetpack 3.0.2
Jetpack 3.0.2b1
Jetpack 3.0.2b2
Jetpack 3.1
Jetpack 3.1.1
Jetpack 3.2
Jetpack 3.2.1
Jetpack 3.2.3
Jetpack 3.2.4
Jetpack 3.2.5
Jetpack 3.3
Jetpack 3.3.1
Jetpack 3.3.2
Jetpack 3.3.4
Jetpack 3.3.5
Jetpack 3.3.6
Jetpack 3.4
Jetpack 3.4.1
Jetpack 3.4.2
Jetpack 3.4.3
Jetpack 3.4.4
Jetpack 3.4.5
Jetpack 3.4.6
Jetpack 3.5
Jetpack 3.5.1
Jetpack 3.5.2
Jetpack 3.5.3
Jetpack 3.5.4
Jetpack 3.5.5
Jetpack 3.5.6
Jetpack 3.6
Jetpack 3.6.1
Jetpack 3.6.2
Jetpack 3.6.3
Jetpack 3.6.4
Jetpack 3.7
Jetpack 3.7.1
Jetpack 3.7.2
Jetpack 3.7.3
Jetpack 3.7.4
Jetpack 3.7.5
Jetpack 3.8.0
Jetpack 3.8.1
Jetpack 3.8.2
Jetpack 3.8.3
Jetpack 3.8.4
Jetpack 3.8.5
Jetpack 3.9.0
Jetpack 3.9.1
Jetpack 3.9.10
Jetpack 3.9.2
Jetpack 3.9.3
Jetpack 3.9.4
Jetpack 3.9.5
Jetpack 3.9.6
Jetpack 3.9.7
Jetpack 3.9.8
Jetpack 3.9.9
Jetpack 4.0.0
Jetpack 4.0.1
Jetpack 4.0.2
Jetpack 4.0.3
Jetpack 4.0.4
Jetpack 4.0.5
Jetpack 4.0.6
Jetpack 4.0.7
Jetpack 4.1.0
Jetpack 4.1.1
Jetpack 4.1.2
Jetpack 4.1.3
Jetpack 4.1.4
Jetpack 4.2
Jetpack 4.2.0
Jetpack 4.2.1
Jetpack 4.2.2
Jetpack 4.2.3
Jetpack 4.2.4
Jetpack 4.2.5
Jetpack 4.3
Jetpack 4.3.0
Jetpack 4.3.1
Jetpack 4.3.2
Jetpack 4.3.3
Jetpack 4.3.4
Jetpack 4.3.5
Jetpack 4.4
Jetpack 4.4.1
Jetpack 4.4.2
Jetpack 4.4.3
Jetpack 4.4.4
Jetpack 4.4.5
Jetpack 4.5
Jetpack 4.5.1
Jetpack 4.5.2
Jetpack 4.5.3
Jetpack 4.6
Jetpack 4.6.1
Jetpack 4.6.2
Jetpack 4.6.3
Jetpack 4.7
Jetpack 4.7.1
Jetpack 4.7.2
Jetpack 4.7.3
Jetpack 4.7.4
Jetpack 4.8
Jetpack 4.8.1
Jetpack 4.8.2
Jetpack 4.8.3
Jetpack 4.8.4
Jetpack 4.8.5
Jetpack 4.9
Jetpack 4.9.1
Jetpack 4.9.2
Jetpack 4.9.3
Jetpack 4.9-pressable
Jetpack 5.0
Jetpack 5.0.1
Jetpack 5.0.2
Jetpack 5.0.3
Jetpack 5.1
Jetpack 5.1.1
Jetpack 5.1.2
Jetpack 5.1.3
Jetpack 5.1.4
Jetpack 5.2
Jetpack 5.2.1
Jetpack 5.2.2
Jetpack 5.2.3
Jetpack 5.2.4
Jetpack 5.2.5
Jetpack 5.3
Jetpack 5.3.1
Jetpack 5.3.2
Jetpack 5.3.3
Jetpack 5.3.4
Jetpack 5.4
Jetpack 5.4.1
Jetpack 5.4.2
Jetpack 5.4.3
Jetpack 5.4.4
Jetpack 5.5
Jetpack 5.5.1
Jetpack 5.5.2
Jetpack 5.5.3
Jetpack 5.5.4
Jetpack 5.5.5
Jetpack 5.5-pressable
Jetpack 5.6
Jetpack 5.6.1
Jetpack 5.6.2
Jetpack 5.6.3
Jetpack 5.6.4
Jetpack 5.6.5
Jetpack 5.6-pressable-rewind
Jetpack 5.7
Jetpack 5.7.1
Jetpack 5.7.2
Jetpack 5.7.3
Jetpack 5.7.4
Jetpack 5.7.5
Jetpack 5.8
Jetpack 5.8.1
Jetpack 5.8.2
Jetpack 5.8.3
Jetpack 5.8.4
Jetpack 5.9
Jetpack 5.9.1
Jetpack 5.9.2
Jetpack 5.9.3
Jetpack 5.9.4
Jetpack 6.0
Jetpack 6.0.1
Jetpack 6.0.2
Jetpack 6.0.3
Jetpack 6.0.4
Jetpack 6.1
Jetpack 6.1.1
Jetpack 6.1.2
Jetpack 6.1.3
Jetpack 6.1.4
Jetpack 6.1.5
Jetpack 6.2
Jetpack 6.2.1
Jetpack 6.2.2
Jetpack 6.2.3
Jetpack 6.2.4
Jetpack 6.2.5
Jetpack 6.3
Jetpack 6.3.1
Jetpack 6.3.2
Jetpack 6.3.3
Jetpack 6.3.4
Jetpack 6.3.5
Jetpack 6.3.6
Jetpack 6.3.7
Jetpack 6.4
Jetpack 6.4.1
Jetpack 6.4.2
Jetpack 6.4.3
Jetpack 6.4.4
Jetpack 6.4.5
Jetpack 6.4.6
Jetpack 6.5
Jetpack 6.5.1
Jetpack 6.5.2
Jetpack 6.5.3
Jetpack 6.5.4
Jetpack 6.5-pressable
Jetpack 6.5-pressable2
Jetpack 6.5-pressable3
Jetpack 6.6
Jetpack 6.6.1
Jetpack 6.6.1-pressable
Jetpack 6.6.2
Jetpack 6.6.3
Jetpack 6.6.4
Jetpack 6.6.5
Jetpack 6.6-beta
Jetpack 6.6-beta2
Jetpack 6.7
Jetpack 6.7.1
Jetpack 6.7.1-beta
Jetpack 6.7.2
Jetpack 6.7.3
Jetpack 6.7.4
Jetpack 6.7-beta
Jetpack 6.7-beta2
Jetpack 6.8
Jetpack 6.8.1
Jetpack 6.8.2
Jetpack 6.8.3
Jetpack 6.8.4
Jetpack 6.8.5
Jetpack 6.8-beta
Jetpack 6.8-beta2
Jetpack 6.8-beta3
Jetpack 6.8-beta4
Jetpack 6.8-pressable
Jetpack 6.9
Jetpack 6.9.1
Jetpack 6.9.2
Jetpack 6.9.3
Jetpack 6.9.4
Jetpack 6.9-beta
Jetpack 6.9-beta2
Jetpack 7.0
Jetpack 7.0.1
Jetpack 7.0.2
Jetpack 7.0.3
Jetpack 7.0.4
Jetpack 7.0.5
Jetpack 7.0-beta
Jetpack 7.0-beta2
Jetpack 7.1
Jetpack 7.1.1
Jetpack 7.1.1.1
Jetpack 7.1.2
Jetpack 7.1.3
Jetpack 7.1.4
Jetpack 7.1.5
Jetpack 7.1-beta
Jetpack 7.1-beta2

Added escaping in the columns link to prevent XSS

Tue, 25 Jun 2019 06:26:02 GMT

The link in the column was not properly escaped against XSS.

This vulnerability affects the following application versions:

Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4
Yoast SEO 9.5
Yoast SEO 9.6

[PRODSECBUG-2138] Widget Based XSS Vulnerability

Wed, 26 Jun 2019 07:06:01 GMT

A remote attacker is prevented from inserting arbitrary codes.

Part of update Magento 2.2.7 and 2.1.16 Security Update

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

Implicit conversion of input data into string

Wed, 26 Jun 2019 07:06:01 GMT

The function used to prevent an XSS attack was not able to convert the input data in a string implicitly.

This vulnerability affects the following application versions:

Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6

Add escaping in modules to prevent XSS

Wed, 26 Jun 2019 07:06:01 GMT

Some modules were not properly escaped to prevent an XSS attack.

This vulnerability affects the following application versions:

Jetpack 3.1
Jetpack 3.1.1
Jetpack 3.1.3
Jetpack 3.1.4
Jetpack 3.1.5
Jetpack 3.2
Jetpack 3.2.1
Jetpack 3.2.3
Jetpack 3.2.4
Jetpack 3.2.5
Jetpack 3.3
Jetpack 3.3.1
Jetpack 3.3.2
Jetpack 3.3.4
Jetpack 3.3.5
Jetpack 3.3.6
Jetpack 3.4
Jetpack 3.4.1
Jetpack 3.4.2
Jetpack 3.4.3
Jetpack 3.4.4
Jetpack 3.4.5
Jetpack 3.4.6
Jetpack 3.5
Jetpack 3.5.1
Jetpack 3.5.2
Jetpack 3.5.3
Jetpack 3.5.4
Jetpack 3.5.5
Jetpack 3.5.6
Jetpack 3.6
Jetpack 3.6.1
Jetpack 3.6.2
Jetpack 3.6.3
Jetpack 3.6.4
Jetpack 3.7
Jetpack 3.7.1
Jetpack 3.7.2
Jetpack 3.7.3
Jetpack 3.7.4
Jetpack 3.7.5
Jetpack 3.8.0
Jetpack 3.8.1
Jetpack 3.8.2
Jetpack 3.8.3
Jetpack 3.8.4
Jetpack 3.8.5
Jetpack 3.9.0
Jetpack 3.9.1
Jetpack 3.9.2
Jetpack 3.9.3
Jetpack 3.9.4
Jetpack 3.9.5
Jetpack 3.9.6
Jetpack 3.9.7
Jetpack 3.9.8
Jetpack 3.9.9
Jetpack 3.9.10
Jetpack 4.0.0
Jetpack 4.0.1
Jetpack 4.0.2
Jetpack 4.0.3
Jetpack 4.0.4
Jetpack 4.0.5
Jetpack 4.0.6
Jetpack 4.0.7
Jetpack 4.1.0
Jetpack 4.1.1
Jetpack 4.1.2
Jetpack 4.1.3
Jetpack 4.1.4
Jetpack 4.2
Jetpack 4.2.0
Jetpack 4.2.1
Jetpack 4.2.2
Jetpack 4.2.3
Jetpack 4.2.4
Jetpack 4.2.5
Jetpack 4.3
Jetpack 4.3.0
Jetpack 4.3.1
Jetpack 4.3.2
Jetpack 4.3.3
Jetpack 4.3.4
Jetpack 4.3.5
Jetpack 4.4
Jetpack 4.4.1
Jetpack 4.4.2
Jetpack 4.4.3
Jetpack 4.4.4
Jetpack 4.4.5
Jetpack 4.5
Jetpack 4.5.1
Jetpack 4.5.2
Jetpack 4.5.3
Jetpack 4.6
Jetpack 4.6.1
Jetpack 4.6.2
Jetpack 4.6.3
Jetpack 4.7
Jetpack 4.7.1
Jetpack 4.7.2
Jetpack 4.7.3
Jetpack 4.7.4
Jetpack 4.8
Jetpack 4.8.1
Jetpack 4.8.2
Jetpack 4.8.3
Jetpack 4.8.4
Jetpack 4.8.5
Jetpack 4.9
Jetpack 4.9.1
Jetpack 4.9.2
Jetpack 4.9.3
Jetpack 4.9-pressable
Jetpack 5.0
Jetpack 5.0.1
Jetpack 5.0.2
Jetpack 5.0.3
Jetpack 5.1
Jetpack 5.1.1
Jetpack 5.1.2
Jetpack 5.1.3
Jetpack 5.1.4
Jetpack 5.2
Jetpack 5.2.1
Jetpack 5.2.2
Jetpack 5.2.3
Jetpack 5.2.4
Jetpack 5.2.5
Jetpack 5.3
Jetpack 5.3.1
Jetpack 5.3.2
Jetpack 5.3.3
Jetpack 5.3.4
Jetpack 5.4
Jetpack 5.4.1
Jetpack 5.4.2
Jetpack 5.4.3
Jetpack 5.4.4
Jetpack 5.5
Jetpack 5.5.1
Jetpack 5.5.2
Jetpack 5.5.3
Jetpack 5.5.4
Jetpack 5.5.5
Jetpack 5.5-pressable
Jetpack 5.6
Jetpack 5.6.1
Jetpack 5.6.2
Jetpack 5.6.3
Jetpack 5.6.4
Jetpack 5.6.5
Jetpack 5.6-pressable-rewind
Jetpack 5.7
Jetpack 5.7.1
Jetpack 5.7.2
Jetpack 5.7.3
Jetpack 5.7.4
Jetpack 5.7.5
Jetpack 5.8
Jetpack 5.8.1
Jetpack 5.8.2
Jetpack 5.8.3
Jetpack 5.8.4
Jetpack 5.9
Jetpack 5.9.1
Jetpack 5.9.2
Jetpack 5.9.3
Jetpack 5.9.4
Jetpack 6.0
Jetpack 6.0.1
Jetpack 6.0.2
Jetpack 6.0.3
Jetpack 6.0.4
Jetpack 6.1
Jetpack 6.1.1
Jetpack 6.1.2
Jetpack 6.1.3
Jetpack 6.1.4
Jetpack 6.1.5
Jetpack 6.2
Jetpack 6.2.1
Jetpack 6.2.2
Jetpack 6.2.3
Jetpack 6.2.4
Jetpack 6.2.5
Jetpack 6.3
Jetpack 6.3.1
Jetpack 6.3.2
Jetpack 6.3.3
Jetpack 6.3.4
Jetpack 6.3.5
Jetpack 6.3.6
Jetpack 6.3.7
Jetpack 6.4
Jetpack 6.4.1
Jetpack 6.4.2
Jetpack 6.4.3
Jetpack 6.4.4
Jetpack 6.4.5
Jetpack 6.4.6
Jetpack 6.5
Jetpack 6.5.1
Jetpack 6.5.2
Jetpack 6.5.3
Jetpack 6.5.4
Jetpack 6.5-pressable
Jetpack 6.5-pressable2
Jetpack 6.5-pressable3
Jetpack 6.6
Jetpack 6.6.1
Jetpack 6.6.1-pressable
Jetpack 6.6.2
Jetpack 6.6.3
Jetpack 6.6.4
Jetpack 6.6.5
Jetpack 6.6-beta
Jetpack 6.6-beta2
Jetpack 6.7
Jetpack 6.7.1
Jetpack 6.7.1-beta
Jetpack 6.7.2
Jetpack 6.7.3
Jetpack 6.7.4
Jetpack 6.7-beta
Jetpack 6.7-beta2
Jetpack 6.8
Jetpack 6.8.1
Jetpack 6.8.2
Jetpack 6.8.3
Jetpack 6.8.4
Jetpack 6.8.5
Jetpack 6.8-beta
Jetpack 6.8-beta2
Jetpack 6.8-beta3
Jetpack 6.8-beta4
Jetpack 6.8-pressable
Jetpack 6.9
Jetpack 6.9.1
Jetpack 6.9.2
Jetpack 6.9.3
Jetpack 6.9.4
Jetpack 6.9-beta
Jetpack 6.9-beta2
Jetpack 7.0
Jetpack 7.0.1
Jetpack 7.0.2
Jetpack 7.0.3
Jetpack 7.0.4
Jetpack 7.0.5
Jetpack 7.0-beta
Jetpack 7.0-beta2
Jetpack 7.1-beta
Jetpack 7.1-beta2

Added escaping to notifier to prevent XSS

Wed, 26 Jun 2019 07:06:01 GMT

Certain forms and links were not properly escaped to against XSS.

This vulnerability affects the following application versions:

Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3

Added escaping to metabox text field to prevent XSS

Wed, 26 Jun 2019 07:06:01 GMT

Certain inputs were not properly escaped against an XSS attack.

This vulnerability affects the following application versions:

Yoast SEO 2.0
Yoast SEO 2.0.1
Yoast SEO 2.1
Yoast SEO 2.1.1
Yoast SEO 2.2
Yoast SEO 2.2.1
Yoast SEO 2.3
Yoast SEO 2.3.1
Yoast SEO 2.3.2
Yoast SEO 2.3.3
Yoast SEO 2.3.4
Yoast SEO 2.3.5
Yoast SEO 3.0
Yoast SEO 3.0.1
Yoast SEO 3.0.2
Yoast SEO 3.0.3
Yoast SEO 3.0.4
Yoast SEO 3.0.5
Yoast SEO 3.0.6
Yoast SEO 3.0.7
Yoast SEO 3.1
Yoast SEO 3.1.1
Yoast SEO 3.1.2
Yoast SEO 3.2
Yoast SEO 3.2.1
Yoast SEO 3.2.2
Yoast SEO 3.2.3
Yoast SEO 3.2.4
Yoast SEO 3.2.5
Yoast SEO 3.3.0
Yoast SEO 3.3.1
Yoast SEO 3.3.2
Yoast SEO 3.3.3
Yoast SEO 3.3.4
Yoast SEO 3.4
Yoast SEO 3.4.1
Yoast SEO 3.4.2
Yoast SEO 3.5
Yoast SEO 3.6
Yoast SEO 3.6.1
Yoast SEO 3.7.0
Yoast SEO 3.7.1
Yoast SEO 3.8
Yoast SEO 3.9
Yoast SEO 4.0
Yoast SEO 4.0.2
Yoast SEO 4.1
Yoast SEO 4.2
Yoast SEO 4.2.1
Yoast SEO 4.3
Yoast SEO 4.4
Yoast SEO 4.5
Yoast SEO 4.6
Yoast SEO 4.7
Yoast SEO 4.7.1
Yoast SEO 4.8
Yoast SEO 4.9
Yoast SEO 5.0
Yoast SEO 5.0.1
Yoast SEO 5.0.2
Yoast SEO 5.1
Yoast SEO 5.2
Yoast SEO 5.3
Yoast SEO 5.3.1
Yoast SEO 5.3.2
Yoast SEO 5.3.3
Yoast SEO 5.4.0
Yoast SEO 5.4.1
Yoast SEO 5.4.2
Yoast SEO 5.5
Yoast SEO 5.5.1
Yoast SEO 5.6
Yoast SEO 5.6.1
Yoast SEO 5.7
Yoast SEO 5.7.1
Yoast SEO 5.8
Yoast SEO 5.9
Yoast SEO 5.9.1
Yoast SEO 5.9.2
Yoast SEO 5.9.3
Yoast SEO 6.0
Yoast SEO 6.1
Yoast SEO 6.1.1
Yoast SEO 6.2
Yoast SEO 6.3
Yoast SEO 6.3.1
Yoast SEO 7.0
Yoast SEO 7.0.1
Yoast SEO 7.0.2
Yoast SEO 7.0.3
Yoast SEO 7.1
Yoast SEO 7.2
Yoast SEO 7.3
Yoast SEO 7.4
Yoast SEO 7.4.1
Yoast SEO 7.4.2
Yoast SEO 7.5
Yoast SEO 7.5.1
Yoast SEO 7.5.3
Yoast SEO 7.6
Yoast SEO 7.6.1
Yoast SEO 7.7
Yoast SEO 7.7.1
Yoast SEO 7.7.2
Yoast SEO 7.7.3
Yoast SEO 7.8
Yoast SEO 7.9
Yoast SEO 7.9.1
Yoast SEO 8.0
Yoast SEO 8.1
Yoast SEO 8.1.1
Yoast SEO 8.1.2
Yoast SEO 8.2
Yoast SEO 8.2.1
Yoast SEO 8.3
Yoast SEO 8.4
Yoast SEO 9.0
Yoast SEO 9.0.1
Yoast SEO 9.0.2
Yoast SEO 9.0.3
Yoast SEO 9.1
Yoast SEO 9.2
Yoast SEO 9.2.1
Yoast SEO 9.3
Yoast SEO 9.4
Yoast SEO 9.5

Escaping json in product data variations to prevent XSS

Thu, 04 Jul 2019 08:23:57 GMT

Data in product data variation was not properly sanitized against an XSS attack.

This vulnerability affects the following application versions:

WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4

Added escaping to shipping notice to prevent XSS

Tue, 09 Jul 2019 06:59:50 GMT

The shipping notice was not properly escaped against XSS attack vectors.

This vulnerability affects the following application versions:

WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4
WooCommerce 3.5.5
WooCommerce 3.5.6
WooCommerce 3.5.7
WooCommerce 3.5.8
WooCommerce 3.5.9
WooCommerce 3.5.10
WooCommerce 3.6.0
WooCommerce 3.6.0-beta.1
WooCommerce 3.6.0-rc.1
WooCommerce 3.6.0-rc.2
WooCommerce 3.6.0-rc.3
WooCommerce 3.6.1
WooCommerce 3.6.2

Sanitize memory_limit for the export page

Tue, 09 Jul 2019 06:59:50 GMT

The FILTER_SANITIZE_NUMBER_INT filter removes all illegal characters from a number.

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9
Magento 1.9.3.10

Make sure that API messages are safe to print

Tue, 09 Jul 2019 06:59:50 GMT

Messages for API were not properly encoded and sanitized before printed.

This vulnerability affects the following application versions:

WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4

[PRODSECBUG-1860] Admin Account XSS Attack Cessation via Filename

Tue, 09 Jul 2019 06:59:50 GMT

An attacker with access to upload could craft an image with a malicious file name in order to execute an XSS attack.

Part of update SUPEE-10975

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9
Magento 1.9.3.10

[PRODSECBUG-2053] Prevents XSS in Newsletter Template

Tue, 09 Jul 2019 06:59:50 GMT

Newletter Template Settings are strengthened to prevent possible XSS Attack.

Part of update SUPEE-10975

This vulnerability affects the following application versions:

Magento 1.9.1.1
Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9
Magento 1.9.3.10

[PRODSECBUG-2019] Merchant Wishlist Security Strenghening

Tue, 09 Jul 2019 06:59:50 GMT

Prevents unwanted spamming of user wishlists.

Part of update SUPEE-10975

This vulnerability affects the following application versions:

Magento 1.9.2.0
Magento 1.9.2.1
Magento 1.9.2.2
Magento 1.9.2.3
Magento 1.9.2.4
Magento 1.9.3.0
Magento 1.9.3.1
Magento 1.9.3.2
Magento 1.9.3.3
Magento 1.9.3.4
Magento 1.9.3.6
Magento 1.9.3.7
Magento 1.9.3.8
Magento 1.9.3.9
Magento 1.9.3.10

Added escaping and sanitized to coupon code and note to prevent XSS

Thu, 11 Jul 2019 07:31:57 GMT

The coupon code and note were not properly escaped and sanitized against an XSS attack.

This vulnerability affects the following application versions:

WooCommerce 2.1.0
WooCommerce 2.1.0-RC2
WooCommerce 2.1.1
WooCommerce 2.1.2
WooCommerce 2.1.3
WooCommerce 2.1.4
WooCommerce 2.1.5
WooCommerce 2.1.6
WooCommerce 2.1.7
WooCommerce 2.1.8
WooCommerce 2.1.9
WooCommerce 2.1.10
WooCommerce 2.1.11
WooCommerce 2.1.12
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
WooCommerce 2.2.2
WooCommerce 2.2.3
WooCommerce 2.2.4
WooCommerce 2.2.5
WooCommerce 2.2.6
WooCommerce 2.2.7
WooCommerce 2.2.8
WooCommerce 2.2.9
WooCommerce 2.2.10
WooCommerce 2.2.11
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
WooCommerce 2.3.1
WooCommerce 2.3.2
WooCommerce 2.3.3
WooCommerce 2.3.4
WooCommerce 2.3.5
WooCommerce 2.3.6
WooCommerce 2.3.7
WooCommerce 2.3.8
WooCommerce 2.3.9
WooCommerce 2.3.10
WooCommerce 2.3.11
WooCommerce 2.3.12
WooCommerce 2.3.13
WooCommerce 2.4.0
WooCommerce 2.4.0-RC1
WooCommerce 2.4.1
WooCommerce 2.4.2
WooCommerce 2.4.3
WooCommerce 2.4.4
WooCommerce 2.4.5
WooCommerce 2.4.6
WooCommerce 2.4.7
WooCommerce 2.4.8
WooCommerce 2.4.9
WooCommerce 2.4.10
WooCommerce 2.4.11
WooCommerce 2.4.12
WooCommerce 2.4.13
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4
WooCommerce 3.5.5
WooCommerce 3.5.6
WooCommerce 3.5.7
WooCommerce 3.5.8
WooCommerce 3.5.9
WooCommerce 3.5.10

[20190701] Filter attribute in subform fields allows remote code execution

Thu, 11 Jul 2019 13:21:57 GMT

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

This vulnerability affects the following application versions:

Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8