Description
WordPress Plugin FoxyPress is prone to multiple SQL injection, arbitrary file upload, cross-site scripting and cross-site request forgery vulnerabilities. A successful exploit may allow an attacker to gain unauthorized access and perform certain administrative actions, compromise the application, disclose potentially sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin FoxyPress version 0.4.2.5 is vulnerable; other versions may also be affected.
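The following is an added illustration, not code from FoxyPress or from any of the advisories referenced below. It shows a hypothetical WordPress admin handler that exhibits the four weakness classes named above (CSRF, SQL injection, cross-site scripting and arbitrary file upload) beside a hardened form built from WordPress core APIs. The table name, action name, nonce action and capability are assumptions chosen for the example.

```php
<?php
// Added example (hypothetical plugin code, not FoxyPress's own).
// Assumed names: table {$wpdb->prefix}fp_products, admin-post action
// fp_save_product, nonce action fp_save_product_nonce, capability manage_options.

// --- Weak handler: each flaw is of a class listed in the description above. ---
function fp_save_product_weak() {
    global $wpdb;
    // CSRF: no nonce, so any page an admin visits can POST here on their behalf.
    // Authorization: no capability check, so any logged-in user reaches it.
    $id    = $_POST['id'];                       // untrusted, used unquoted below
    $title = $_POST['title'];
    // SQL injection: request values concatenated straight into the statement.
    $wpdb->query("UPDATE {$wpdb->prefix}fp_products SET title = '$title' WHERE id = $id");
    // XSS: request value reflected into the page without escaping.
    echo 'Saved product: ' . $title;
    if (!empty($_FILES['image'])) {
        // Arbitrary file upload: the client picks the file name, hence the extension,
        // and nothing validates the type before it lands under the web root.
        move_uploaded_file($_FILES['image']['tmp_name'],
            WP_CONTENT_DIR . '/uploads/' . $_FILES['image']['name']);
    }
}

// --- Hardened handler: same feature, each flaw closed with a core API. ---
function fp_save_product_hardened() {
    global $wpdb;
    // CSRF: the form must carry wp_nonce_field('fp_save_product_nonce', 'fp_nonce');
    // check_admin_referer() dies with a 403 when the nonce is missing or stale.
    check_admin_referer('fp_save_product_nonce', 'fp_nonce');
    // Authorization: a nonce proves intent, not privilege; check the capability too.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.', 'fp'), 403);
    }
    // Input validation: coerce to the expected types before anything else sees them.
    $id    = absint($_POST['id'] ?? 0);
    $title = sanitize_text_field(wp_unslash($_POST['title'] ?? ''));
    if ($id === 0 || $title === '') {
        wp_die(esc_html__('Invalid input.', 'fp'), 400);
    }
    // SQL injection: bind values through $wpdb->prepare() (%d for ints, %s for strings).
    $wpdb->query($wpdb->prepare(
        "UPDATE {$wpdb->prefix}fp_products SET title = %s WHERE id = %d",
        $title,
        $id
    ));
    // XSS: escape at the point of output, in the context the value is emitted into.
    echo 'Saved product: ' . esc_html($title);
    if (!empty($_FILES['image']['tmp_name'])) {
        // Upload: let wp_handle_upload() validate the MIME type and extension against an
        // explicit allow list and choose a sanitised destination name itself.
        require_once ABSPATH . 'wp-admin/includes/file.php';
        $allowed = array(
            'jpg|jpeg' => 'image/jpeg',
            'png'      => 'image/png',
            'gif'      => 'image/gif',
        );
        $result = wp_handle_upload($_FILES['image'],
            array('test_form' => false, 'mimes' => $allowed));
        if (isset($result['error'])) {
            wp_die(esc_html($result['error']), 400);
        }
        // $result['file'] is the server-chosen path; never reuse the client's name.
    }
}
add_action('admin_post_fp_save_product', 'fp_save_product_hardened');
```

When reviewing a plugin for these classes, look for the weak pattern's tell-tales in any handler reachable via admin-ajax.php or admin-post.php: no check_admin_referer()/check_ajax_referer() call, no current_user_can() call, $wpdb->query() or $wpdb->get_results() with interpolated request data instead of $wpdb->prepare(), echo of request data without esc_html()/esc_attr(), and move_uploaded_file() used in place of wp_handle_upload().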
Remediation
Update FoxyPress to version 0.4.2.9 or later; the version installed can be read from the "Version:" header of the plugin's main PHP file or from the Plugins screen in the WordPress admin.
References
http://www.securityfocus.com/bid/56332/exploit
http://www.waraxe.us/advisory-95.html
http://www.exploit-db.com/exploits/22374/
http://packetstormsecurity.com/files/117768/WordPress-FoxyPress-0.4.2.5-XSS-CSRF-SQL-Injection.html