
Untitled

a guest
Aug 4th, 2016
[+] We found 22 plugins:

[+] Name: akismet - v3.1.11
| Latest version: 3.1.11 (up to date)
| Location: http://correctrecord.org/wp-content/plugins/akismet/
| Readme: http://correctrecord.org/wp-content/plugins/akismet/readme.txt

[+] Name: bbpress - v2.5.3
| Location: http://correctrecord.org/wp-content/plugins/bbpress/
| Readme: http://correctrecord.org/wp-content/plugins/bbpress/readme.txt
[!] The version is out of date, the latest version is 2.5.10

[!] Title: bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8484
Reference: https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
Reference: https://bbpress.org/blog/2016/05/bbpress-2-5-9/
[i] Fixed in: 2.5.9

[!] Title: bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8555
Reference: https://wptavern.com/bbpress-2-5-10-patches-security-vulnerability
Reference: https://bbpress.org/blog/2016/07/bbpress-2-5-10-security-release/
Reference: https://plugins.trac.wordpress.org/changeset/1454184/bbpress
[i] Fixed in: 2.5.10

[+] Name: coming-soon - v4.0.3
| Location: http://correctrecord.org/wp-content/plugins/coming-soon/
| Readme: http://correctrecord.org/wp-content/plugins/coming-soon/README.txt
[!] The version is out of date, the latest version is 5.0.4

[+] Name: contact-form-7 - v4.1.2
| Location: http://correctrecord.org/wp-content/plugins/contact-form-7/
| Readme: http://correctrecord.org/wp-content/plugins/contact-form-7/readme.txt
[!] The version is out of date, the latest version is 4.4.2

[+] Name: contact-form-7-to-database-extension - v2.9.1
| Location: http://correctrecord.org/wp-content/plugins/contact-form-7-to-database-extension/
| Readme: http://correctrecord.org/wp-content/plugins/contact-form-7-to-database-extension/readme.txt
[!] The version is out of date, the latest version is 2.10.20

[+] Name: google-analytics-for-wordpress - v5.4.2
| Location: http://correctrecord.org/wp-content/plugins/google-analytics-for-wordpress/
| Readme: http://correctrecord.org/wp-content/plugins/google-analytics-for-wordpress/readme.txt
[!] The version is out of date, the latest version is 5.5.2

[!] Title: Google Analytics by Yoast <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8147
Reference: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/
[i] Fixed in: 5.4.5

[+] Name: google-document-embedder - v2.5.19
| Location: http://correctrecord.org/wp-content/plugins/google-document-embedder/
| Readme: http://correctrecord.org/wp-content/plugins/google-document-embedder/readme.txt
[!] The version is out of date, the latest version is 2.6

[+] Name: googleanalytics - v1.0.6
| Latest version: 1.0.6 (up to date)
| Location: http://correctrecord.org/wp-content/plugins/googleanalytics/
| Readme: http://correctrecord.org/wp-content/plugins/googleanalytics/readme.txt

[+] Name: hupso-share-buttons-for-twitter-facebook-google - v3.9.24
| Location: http://correctrecord.org/wp-content/plugins/hupso-share-buttons-for-twitter-facebook-google/
| Readme: http://correctrecord.org/wp-content/plugins/hupso-share-buttons-for-twitter-facebook-google/readme.txt
[!] The version is out of date, the latest version is 4.0.3

[+] Name: jquery-updater - v2.1.4
| Location: http://correctrecord.org/wp-content/plugins/jquery-updater/
| Readme: http://correctrecord.org/wp-content/plugins/jquery-updater/readme.txt
[!] The version is out of date, the latest version is 3.1.0

[+] Name: mailchimp - v1.4.2
| Location: http://correctrecord.org/wp-content/plugins/mailchimp/
| Readme: http://correctrecord.org/wp-content/plugins/mailchimp/readme.txt
[!] The version is out of date, the latest version is 1.5.1

[+] Name: mailchimp-for-wp - v2.0.1
| Location: http://correctrecord.org/wp-content/plugins/mailchimp-for-wp/
| Readme: http://correctrecord.org/wp-content/plugins/mailchimp-for-wp/readme.txt
[!] The version is out of date, the latest version is 3.1.12

[+] Name: password-protected - v1.7.1
| Location: http://correctrecord.org/wp-content/plugins/password-protected/
| Readme: http://correctrecord.org/wp-content/plugins/password-protected/readme.txt
[!] The version is out of date, the latest version is 2.0.3

[+] Name: share-this-image
| Location: http://correctrecord.org/wp-content/plugins/share-this-image/

[+] Name: simple-full-screen-background-image - v1.1
| Location: http://correctrecord.org/wp-content/plugins/simple-full-screen-background-image/
| Readme: http://correctrecord.org/wp-content/plugins/simple-full-screen-background-image/readme.txt
[!] The version is out of date, the latest version is 1.2

[+] Name: simple-share-buttons-adder - v4.3
| Location: http://correctrecord.org/wp-content/plugins/simple-share-buttons-adder/
| Readme: http://correctrecord.org/wp-content/plugins/simple-share-buttons-adder/readme.txt
[!] The version is out of date, the latest version is 6.2.2

[!] Title: Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
Reference: https://wpvulndb.com/vulnerabilities/6045
Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
Reference: http://packetstormsecurity.com/files/127238/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4717
Reference: https://www.exploit-db.com/exploits/33896/
[i] Fixed in: 4.5

[!] Title: Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness
Reference: https://wpvulndb.com/vulnerabilities/6046
Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
Reference: http://packetstormsecurity.com/files/127238/
Reference: https://www.exploit-db.com/exploits/33896/
[i] Fixed in: 4.5

[!] Title: Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8021
Reference: https://wordpress.org/plugins/simple-share-buttons-adder/
[i] Fixed in: 6.0.1

[+] Name: sumome - v4.5
| Latest version: 1.19 (up to date)
| Location: http://correctrecord.org/wp-content/plugins/sumome/
| Readme: http://correctrecord.org/wp-content/plugins/sumome/Readme.txt

[+] Name: twitter - v1.0.1
| Location: http://correctrecord.org/wp-content/plugins/twitter/
| Readme: http://correctrecord.org/wp-content/plugins/twitter/readme.txt
[!] The version is out of date, the latest version is 1.5.0

[+] Name: vanilla-pdf-embed - v0.0.7
| Latest version: 0.0.7 (up to date)
| Location: http://correctrecord.org/wp-content/plugins/vanilla-pdf-embed/
| Readme: http://correctrecord.org/wp-content/plugins/vanilla-pdf-embed/readme.txt

[+] Name: woocommerce - v2.2.11
| Location: http://correctrecord.org/wp-content/plugins/woocommerce/
| Readme: http://correctrecord.org/wp-content/plugins/woocommerce/readme.txt
[!] The version is out of date, the latest version is 2.6.4

[!] Title: WooCommerce 2.3 - 2.3.5 - SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/7846
Reference: http://www.wordfence.com/blog/2015/03/woocommerce-sql-injection-vulnerability/
[i] Fixed in: 2.3.6

[!] Title: WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
Reference: https://wpvulndb.com/vulnerabilities/8039
Reference: https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerability-in-woocommerce.html
[i] Fixed in: 2.3.11

[!] Title: WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8242
Reference: http://blog.fortinet.com/post/fortiguard-labs-discloses-another-wordpress-woocommerce-plug-in-cross-site-scripting-vulnerability
[i] Fixed in: 2.4.9

[!] Title: WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8563
Reference: https://woocommerce.wordpress.com/2016/07/19/woocommerce-2-6-3-fixsecurity-release-notes/
Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_using_image_metadata__exif_.html
[i] Fixed in: 2.6.3

[+] Name: wordpress-importer - v0.6.1
| Latest version: 0.6.1 (up to date)
| Location: http://correctrecord.org/wp-content/plugins/wordpress-importer/
| Readme: http://correctrecord.org/wp-content/plugins/wordpress-importer/readme.txt

[+] Name: wordpress-seo - v2.1.1
| Location: http://correctrecord.org/wp-content/plugins/wordpress-seo/
| Readme: http://correctrecord.org/wp-content/plugins/wordpress-seo/readme.txt
| Changelog: http://correctrecord.org/wp-content/plugins/wordpress-seo/changelog.txt
[!] The version is out of date, the latest version is 3.4.1

[!] Title: Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS
Reference: https://wpvulndb.com/vulnerabilities/8045
Reference: https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/
Reference: http://packetstormsecurity.com/files/132294/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6692
[i] Fixed in: 2.2

[!] Title: Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure
Reference: https://wpvulndb.com/vulnerabilities/8487
Reference: https://www.wordfence.com/blog/2016/05/yoast-seo-vulnerability/
[i] Fixed in: 3.2.5

[!] Title: Yoast SEO <= 3.2.5 - Unspecified Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8569
Reference: https://wordpress.org/plugins/wordpress-seo/changelog/
[i] Fixed in: 3.3.0

[!] Title: Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8583
Reference: https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo
[i] Fixed in: 3.4.1