DefenseCode WebScanner DAST Advisory WordPress Tribulant Newsletters Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-012 Advisory Title: WordPress Tribulant Newsletters Plugin Multiple Vulnerabilities Advisory URL: http://ift.tt/2rhPqdW Software: WordPress Tribulant Newsletters Plugin Language: PHP Version: 4.6.4.2 and below Vendor Status: Vendor contacted, update released Release Date: 2017/05/29 Risk: Medium 1. General Overview =================== During the security audit of Tribulant Newsletters plugin for WordPress CMS, multiple vulnerabilities were discovered using DefenseCode WebScanner application security analysis platform. More information about WebScanner is available at URL: http://ift.tt/Vn2J4r 2. Software Overview ==================== According to the authors, WordPress Tribulant Newsletters plugin is a full-featured newsletter plugin for WordPress which fulfils all subscribers, emails, marketing and newsletter related needs for both personal and business environments. According to wordpress.org, it has more than 9,000 active installs. Homepage: http://ift.tt/1yLaLL1 http://ift.tt/1Gy8lOT 3. Vulnerability Description ================================== During the security analysis, WebScanner discovered File Disclosure vulnerability and multiple Cross Site Scripting vulnerabilities in Tribulant Newsletters plugin. 3.1 File Disclosure -
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment