swisskyrepo/Wordpresscan

bug in plugin detection

d4op opened this issue · 1 comments

d4op commented

[i] Name: wysija-newsletters - v2.7.11.3
[!]RCE : MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution - ID:6680
| Fixed in 2.6.7
| References:
- http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
- http://www.openwall.com/lists/oss-security/2014/07/02/1
- Metasploit exploit/unix/webapp/wp_wysija_newsletters_upload
- Exploitdb 33991
- Cve 2014-4725
- Secunia 59455
[!]SQLI : Wysija Newsletters 2.2 - SQL Injection - ID:6681
| Fixed in 2.2.1
| References:
- https://www.htbridge.com/advisory/HTB23140
- http://packetstormsecurity.com/files/120089/
- http://seclists.org/bugtraq/2013/Feb/29
- http://cxsecurity.com/issue/WLB-2013020039
- Cve 2013-1408
[!]XSS : Wysija Newsletters - swfupload Cross-Site Scripting - ID:6682
| Fixed in 2.1.7
| References:
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- Secunia 51249
[!]UNKNOWN : MailPoet Newsletters 2.6.7 - helpers/back.php page Parameter Unspecified Issue - ID:7573
| Fixed in 2.6.8
| References:
- http://www.securityfocus.com/bid/68462/
- Cve 2014-4726
[!]CSRF : MailPoet Newsletters 2.6.10 - Unspecified CSRF - ID:7574
| Fixed in 2.6.11
| References:
- Cve 2014-3907
[!]XSS : MailPoet Newsletters <= 2.6.19 - Unauthenticated Reflected Cross-Site Scripting (XSS) - ID:8373
| Fixed in 2.7
| References:
- https://www.netsparker.com/ns-16-002-xss-vulnerability-identified-in-mailpoet-newsletters/
[!]XSS : MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS) - ID:8617
| Fixed in 2.7.3
| References:
- https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_mailpoet_newsletters_plugin.html
- http://seclists.org/fulldisclosure/2016/Sep/17
[!]SQLI : MailPoet Newsletters <= 2.7.2 - SQL Injection - ID:8618
| Fixed in 2.7.3
| References:
- https://plugins.trac.wordpress.org/changeset/1469869/wysija-newsletters
[i] Name: contact-form-7 - v4.9
[i] Name: wp-members - v3.1.9.1
[!]XSS : WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS - ID:7079
| Fixed in 2.8.10
| References:
- http://packetstormsecurity.com/files/124720/
- http://www.securityfocus.com/bid/64713/
- Secunia 56271
[!]XSS : WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS - ID:7080
| Fixed in 2.8.10
| References:
- http://packetstormsecurity.com/files/124720/
- http://www.securityfocus.com/bid/64713/
- Secunia 56271
[!]XSS : WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS) - ID:8858
| Fixed in 3.1.8
| References:
- https://jvn.jp/en/jp/JVN51355647/index.html
- https://plugins.trac.wordpress.org/changeset/1667369/#file12
- Cve 2017-2222

Why does it show me vulns of older versions even if all is up-to-date?

d4op commented

Why does it show me vulns of older versions even if all is up-to-date?