----------------------------------------------------------------------

TITLE:
WordPress WP Comment Remix Plugin Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32253

VERIFY ADVISORY:
http://secunia.com/advisories/32253/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
From remote

SOFTWARE:
WP Comment Remix 1.x (plugin for WordPress)
http://secunia.com/advisories/product/20159/

DESCRIPTION:
g30rg3_x has reported some vulnerabilities in the WP Comment Remix plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery, script insertion, and SQL injection attacks.

1) Input passed to the "p" parameter in ajax_comments.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to various parameters in wpcommentremix.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation of this vulnerability requires that the victim has valid administrator credentials.

3) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to change configuration options by enticing a logged-in administrator to visit a malicious web page.

The vulnerabilities are reported in all versions prior to 1.4.4.

SOLUTION:
Update to version 1.4.4.
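The three issue classes above (unsanitised "p" parameter reaching a SQL query, unescaped stored settings, and option changes without request validation) map onto three standard WordPress plugin controls. The following is an added illustrative example written for this advisory; it is not the plugin's code and not the 1.4.4 fix, and the demo_* functions and the "label" option are assumed names, while the WordPress APIs used ($wpdb->prepare, absint, check_admin_referer, wp_nonce_field, sanitize_text_field, esc_attr, current_user_can) are real.

```php
<?php
// Added example (not the plugin's code): closing the advisory's three issue
// classes in a WordPress plugin endpoint. demo_* names are hypothetical.

// 1) SQL injection: the "p" (post id) parameter must never be concatenated
//    into a query. Cast it to a non-negative integer and bind it with %d.
function demo_get_comments_for_post() {
    global $wpdb;
    $post_id = isset( $_GET['p'] ) ? absint( $_GET['p'] ) : 0;
    if ( 0 === $post_id ) {
        wp_die( 'Invalid post id', '', array( 'response' => 400 ) );
    }
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT comment_ID, comment_author, comment_content
               FROM {$wpdb->comments}
              WHERE comment_post_ID = %d AND comment_approved = '1'",
            $post_id
        )
    );
}

// 2) Stored script insertion: sanitise settings on the way in, escape on the
//    way out.  3) CSRF: require the capability and a nonce bound to the action
//    before any option is changed, so a forged cross-site request is rejected.
function demo_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // Dies unless the request carries the nonce emitted by
    // wp_nonce_field( 'demo_save_settings' ) on the settings form below.
    check_admin_referer( 'demo_save_settings' );

    $label = isset( $_POST['label'] )
        ? sanitize_text_field( wp_unslash( $_POST['label'] ) )
        : '';
    update_option( 'demo_label', $label );
}

function demo_render_settings_form() {
    $label = get_option( 'demo_label', '' );
    echo '<form method="post">';
    wp_nonce_field( 'demo_save_settings' );
    // Escape the stored value at render time so any markup is shown inertly.
    echo '<input type="text" name="label" value="' . esc_attr( $label ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}
```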
PROVIDED AND/OR DISCOVERED BY:
g30rg3_x

ORIGINAL ADVISORY:
http://chxsecurity.org/advisories/adv-3-full.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------