Newly Added Security Tests, February 28, 2017: New WordPress plugin vulnerabilities


To bring you the most up-to-date security service and help you stay on top of threats, we update Detectify on a regular basis. Here are some of the security tests added to the tool with our latest release:

  • WordPress gadgetry XSS
  • WordPress wd-instagram-feed XSS
  • WordPress wp-ultimate-form-builder SQL injection
  • WordPress multi-device-switcher Open Redirect
  • WordPress ad-inserter LFI
  • YaBB reflected XSS
  • YaBB Open Redirect
  • Ultimate Bulletin Board Email Disclosure
  • Roxy File Manager Open Access
  • Piwik Error Information Disclosure
  • KCEditor Filemanager Unauthenticated Access
  • Reflected XSS in hazel.cgi
  • Open Redirect in awstats.pl
  • Reflected XSS in hyperseek.cgi
  • eXist Unauthenticated Access
  • Reflected XSS in cshopcart.cgi
  • Bitrix Site Manager Log Disclosure
  • Information Disclosure of sftp-config.json

Stay safe!
The Detectify Team


