Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Social Sticky Animated Backdoor (1.0)

Description

WordPress Plugin Social Sticky Animated contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Social Sticky Animated version 1.0 is vulnerable.

Remediation

Disable the plugin until a fix is available

References

https://cjc.im/advisories/0005/

Related Vulnerabilities

WordPress Plugin Import/Export Customizer Settings Cross-Site Request Forgery (1.0.3)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4792)

Atlassian Jira Improper Authentication Vulnerability (CVE-2019-8443)

WordPress Plugin Post to Twitter Cross-Site Request Forgery (0.7)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update