Forum Thread: WordPress Maps Marker Pro Plugin Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
WordPress Maps Marker Pro Plugin Multiple Vulnerabilities

Secunia WordPress Maps Marker Pro Plugin Multiple Vulnerabilities
Secunia Official 2nd Apr, 2014 20:36
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Multiple vulnerabilities have been reported in the Maps Marker Pro plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks, manipulate certain data, and compromise a vulnerable system.

1) Certain input related to Marker Name is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

2) Certain unspecified input is not properly verified before being used to delete files. This can be exploited to delete arbitrary files via directory traversal attacks.

3) Certain unspecified input is not properly verified before being used to upload files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerabilities are reported in versions prior to 1.5.8.

mapsmarker RE: WordPress Maps Marker Pro Plugin Multiple Vulnerabilities
Member 2nd Apr, 2014 20:36
Score: 0
Posts: 1
User Since: 2nd Apr 2014
System Score: N/A
Location: AT
Last edited on 2nd Apr, 2014 20:36
Hi,

I am the developer of Maps Marker Pro and this advisory is missing some important information:

regarding 1) in order to exploit this vulnerability, you need to have access to a WordPress admin account
regarding 2) this vulnerability can only be exploited if the according option is active
regarding 3) in order to exploit this vulnerability you need at least access to a WordPress contributor account

Producing secure software is important to me and once a (potential) vulnerability is identified, I make a new release ASAP. Anyway, I would like to point out that this advisory is misleading in the (potential) damage these vulnerabilities may cause. If you are using Maps Marker Pro, please always update to the latest version as soon as it is released - this will not only get you the latest features and optimizations, but also lets you benefit from security patches and security hardenings.

Robert Harm