- WordPress Plugin BackWPup is prone to a vulnerability which can be exploited to execute local or remote code on the web server. The Input passed to the component "wp_xml_export.php" via the "wpabs" variable allows the inclusion and execution of local or remote PHP files as long as a "_nonce" value is known. The "_nonce" value relies on a static constant which is not defined in the script meaning that it defaults to the value "822728c8d9". WordPress Plugin BackWPup version 1.6.1 is vulnerable; other versions may also be affected.
- Update to the latest version
- WordPress Plugin WooCommerce Extra Product Options Multiple Vulnerabilities (4.5.3)
- WordPress Plugin Chained Quiz Multiple Cross-Site Scripting Vulnerabilities (0.9.8)
- WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.42)
- WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)
- Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23)