|Secunia||WordPress Maps Marker Pro Plugin Multiple Vulnerabilities|
|2nd Apr, 2014 20:36|
Location: Copenhagen, DK
Multiple vulnerabilities have been reported in the Maps Marker Pro plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks, manipulate certain data, and compromise a vulnerable system.
1) Certain input related to Marker Name is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
2) Certain unspecified input is not properly verified before being used to delete files. This can be exploited to delete arbitrary files via directory traversal attacks.
3) Certain unspecified input is not properly verified before being used to upload files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
The vulnerabilities are reported in versions prior to 1.5.8.
|mapsmarker||RE: WordPress Maps Marker Pro Plugin Multiple Vulnerabilities|
|2nd Apr, 2014 20:36|
User Since: 2nd Apr 2014
Last edited on 2nd Apr, 2014 20:36
I am the developer of Maps Marker Pro and this advisory is missing some important information:
regarding 1) in order to exploit this vulnerability, you need to have access to a WordPress admin account
regarding 2) this vulnerability can only be exploited if the according option is active
regarding 3) in order to exploit this vulnerability you need at least access to a WordPress contributor account
Producing secure software is important to me and once a (potential) vulnerability is identified, I make a new release ASAP. Anyway, I would like to point out that this advisory is misleading in the (potential) damage these vulnerabilities may cause. If you are using Maps Marker Pro, please always update to the latest version as soon as it is released - this will not only get you the latest features and optimizations, but also lets you benefit from security patches and security hardenings.