May 2012 Security Updates for WordPress, Joomla!, and Vanilla Forums


Below are all the vulnerabilities discovered during May 2012 for WordPress, Joomla! and Vanilla Forums. Please update or patch your application.



WordPress Profile Builder Plugin Recover Password Security Bypass Vulnerability
Application: WordPress
Affected Version: version 1.1.24
Vendor’s URL: Profile Builder Plugin
Bug Type: Security Bypass
Risk Level: Critical
Solution: Update to version 1.1.26.

Jaow CMS “add_ons” SQL Injection
Application: Jaow CMS
Affected Version: version 2.4.4 and other versions.
Vendor’s URL: Jaow CMS
Bug Type: SQL Injection
Risk Level: Critical
Solution: Update to version 2.4.6.

Joomla! JCE Component Cross-Site Scripting and Arbitrary File Upload
Application: Joomla!
Affected Version: version 2.0.21 or prior versions.
Vendor’s URL: JCE Component
Bug Type: Cross-Site Scripting and Arbitrary File Upload
Risk Level: Critical
Solution: Update to version 2.1.0.

WordPress WassUp Plugin “User-Agent” HTTP Header Script Insertion
Application: WordPress
Affected Version: version 1.8.3 and prior versions.
Vendor’s URL: WassUp Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution: Update to version 1.8.3.1.

Vanilla Forums AboutMe Plugin Multiple Script Insertion
Application: Vanilla Forums
Affected Version: version 1.1.1
Vendor’s URL: AboutMe Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.

Vanilla Forums LatestComment Plugin Discussion Title Script Insertion
Application: Vanilla Forums
Affected Version: version 1.1 and other versions.
Vendor’s URL: LatestComment Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.

Vanilla Forums FirstLastNames Plugin Profile Two Script Insertion Vulnerabilities
Application: Vanilla Forums
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: FirstLastNames Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.