Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [+] We found 22 plugins:
- [+] Name: akismet - v3.1.11
- | Latest version: 3.1.11 (up to date)
- | Location: http://correctrecord.org/wp-content/plugins/akismet/
- | Readme: http://correctrecord.org/wp-content/plugins/akismet/readme.txt
- [+] Name: bbpress - v2.5.3
- | Location: http://correctrecord.org/wp-content/plugins/bbpress/
- | Readme: http://correctrecord.org/wp-content/plugins/bbpress/readme.txt
- [!] The version is out of date, the latest version is 2.5.10
- [!] Title: bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8484
- Reference: https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
- Reference: https://bbpress.org/blog/2016/05/bbpress-2-5-9/
- [i] Fixed in: 2.5.9
- [!] Title: bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8555
- Reference: https://wptavern.com/bbpress-2-5-10-patches-security-vulnerability
- Reference: https://bbpress.org/blog/2016/07/bbpress-2-5-10-security-release/
- Reference: https://plugins.trac.wordpress.org/changeset/1454184/bbpress
- [i] Fixed in: 2.5.10
- [+] Name: coming-soon - v4.0.3
- | Location: http://correctrecord.org/wp-content/plugins/coming-soon/
- | Readme: http://correctrecord.org/wp-content/plugins/coming-soon/README.txt
- [!] The version is out of date, the latest version is 5.0.4
- [+] Name: contact-form-7 - v4.1.2
- | Location: http://correctrecord.org/wp-content/plugins/contact-form-7/
- | Readme: http://correctrecord.org/wp-content/plugins/contact-form-7/readme.txt
- [!] The version is out of date, the latest version is 4.4.2
- [+] Name: contact-form-7-to-database-extension - v2.9.1
- | Location: http://correctrecord.org/wp-content/plugins/contact-form-7-to-database-extension/
- | Readme: http://correctrecord.org/wp-content/plugins/contact-form-7-to-database-extension/readme.txt
- [!] The version is out of date, the latest version is 2.10.20
- [+] Name: google-analytics-for-wordpress - v5.4.2
- | Location: http://correctrecord.org/wp-content/plugins/google-analytics-for-wordpress/
- | Readme: http://correctrecord.org/wp-content/plugins/google-analytics-for-wordpress/readme.txt
- [!] The version is out of date, the latest version is 5.5.2
- [!] Title: Google Analytics by Yoast <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8147
- Reference: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/
- [i] Fixed in: 5.4.5
- [+] Name: google-document-embedder - v2.5.19
- | Location: http://correctrecord.org/wp-content/plugins/google-document-embedder/
- | Readme: http://correctrecord.org/wp-content/plugins/google-document-embedder/readme.txt
- [!] The version is out of date, the latest version is 2.6
- [+] Name: googleanalytics - v1.0.6
- | Latest version: 1.0.6 (up to date)
- | Location: http://correctrecord.org/wp-content/plugins/googleanalytics/
- | Readme: http://correctrecord.org/wp-content/plugins/googleanalytics/readme.txt
- [+] Name: hupso-share-buttons-for-twitter-facebook-google - v3.9.24
- | Location: http://correctrecord.org/wp-content/plugins/hupso-share-buttons-for-twitter-facebook-google/
- | Readme: http://correctrecord.org/wp-content/plugins/hupso-share-buttons-for-twitter-facebook-google/readme.txt
- [!] The version is out of date, the latest version is 4.0.3
- [+] Name: jquery-updater - v2.1.4
- | Location: http://correctrecord.org/wp-content/plugins/jquery-updater/
- | Readme: http://correctrecord.org/wp-content/plugins/jquery-updater/readme.txt
- [!] The version is out of date, the latest version is 3.1.0
- [+] Name: mailchimp - v1.4.2
- | Location: http://correctrecord.org/wp-content/plugins/mailchimp/
- | Readme: http://correctrecord.org/wp-content/plugins/mailchimp/readme.txt
- [!] The version is out of date, the latest version is 1.5.1
- [+] Name: mailchimp-for-wp - v2.0.1
- | Location: http://correctrecord.org/wp-content/plugins/mailchimp-for-wp/
- | Readme: http://correctrecord.org/wp-content/plugins/mailchimp-for-wp/readme.txt
- [!] The version is out of date, the latest version is 3.1.12
- [+] Name: password-protected - v1.7.1
- | Location: http://correctrecord.org/wp-content/plugins/password-protected/
- | Readme: http://correctrecord.org/wp-content/plugins/password-protected/readme.txt
- [!] The version is out of date, the latest version is 2.0.3
- [+] Name: share-this-image
- | Location: http://correctrecord.org/wp-content/plugins/share-this-image/
- [+] Name: simple-full-screen-background-image - v1.1
- | Location: http://correctrecord.org/wp-content/plugins/simple-full-screen-background-image/
- | Readme: http://correctrecord.org/wp-content/plugins/simple-full-screen-background-image/readme.txt
- [!] The version is out of date, the latest version is 1.2
- [+] Name: simple-share-buttons-adder - v4.3
- | Location: http://correctrecord.org/wp-content/plugins/simple-share-buttons-adder/
- | Readme: http://correctrecord.org/wp-content/plugins/simple-share-buttons-adder/readme.txt
- [!] The version is out of date, the latest version is 6.2.2
- [!] Title: Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
- Reference: https://wpvulndb.com/vulnerabilities/6045
- Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
- Reference: http://packetstormsecurity.com/files/127238/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4717
- Reference: https://www.exploit-db.com/exploits/33896/
- [i] Fixed in: 4.5
- [!] Title: Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness
- Reference: https://wpvulndb.com/vulnerabilities/6046
- Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
- Reference: http://packetstormsecurity.com/files/127238/
- Reference: https://www.exploit-db.com/exploits/33896/
- [i] Fixed in: 4.5
- [!] Title: Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8021
- Reference: https://wordpress.org/plugins/simple-share-buttons-adder/
- [i] Fixed in: 6.0.1
- [+] Name: sumome - v4.5
- | Latest version: 1.19 (up to date)
- | Location: http://correctrecord.org/wp-content/plugins/sumome/
- | Readme: http://correctrecord.org/wp-content/plugins/sumome/Readme.txt
- [+] Name: twitter - v1.0.1
- | Location: http://correctrecord.org/wp-content/plugins/twitter/
- | Readme: http://correctrecord.org/wp-content/plugins/twitter/readme.txt
- [!] The version is out of date, the latest version is 1.5.0
- [+] Name: vanilla-pdf-embed - v0.0.7
- | Latest version: 0.0.7 (up to date)
- | Location: http://correctrecord.org/wp-content/plugins/vanilla-pdf-embed/
- | Readme: http://correctrecord.org/wp-content/plugins/vanilla-pdf-embed/readme.txt
- [+] Name: woocommerce - v2.2.11
- | Location: http://correctrecord.org/wp-content/plugins/woocommerce/
- | Readme: http://correctrecord.org/wp-content/plugins/woocommerce/readme.txt
- [!] The version is out of date, the latest version is 2.6.4
- [!] Title: WooCommerce 2.3 - 2.3.5 - SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/7846
- Reference: http://www.wordfence.com/blog/2015/03/woocommerce-sql-injection-vulnerability/
- [i] Fixed in: 2.3.6
- [!] Title: WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
- Reference: https://wpvulndb.com/vulnerabilities/8039
- Reference: https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerability-in-woocommerce.html
- [i] Fixed in: 2.3.11
- [!] Title: WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8242
- Reference: http://blog.fortinet.com/post/fortiguard-labs-discloses-another-wordpress-woocommerce-plug-in-cross-site-scripting-vulnerability
- [i] Fixed in: 2.4.9
- [!] Title: WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8563
- Reference: https://woocommerce.wordpress.com/2016/07/19/woocommerce-2-6-3-fixsecurity-release-notes/
- Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_using_image_metadata__exif_.html
- [i] Fixed in: 2.6.3
- [+] Name: wordpress-importer - v0.6.1
- | Latest version: 0.6.1 (up to date)
- | Location: http://correctrecord.org/wp-content/plugins/wordpress-importer/
- | Readme: http://correctrecord.org/wp-content/plugins/wordpress-importer/readme.txt
- [+] Name: wordpress-seo - v2.1.1
- | Location: http://correctrecord.org/wp-content/plugins/wordpress-seo/
- | Readme: http://correctrecord.org/wp-content/plugins/wordpress-seo/readme.txt
- | Changelog: http://correctrecord.org/wp-content/plugins/wordpress-seo/changelog.txt
- [!] The version is out of date, the latest version is 3.4.1
- [!] Title: Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS
- Reference: https://wpvulndb.com/vulnerabilities/8045
- Reference: https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/
- Reference: http://packetstormsecurity.com/files/132294/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6692
- [i] Fixed in: 2.2
- [!] Title: Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure
- Reference: https://wpvulndb.com/vulnerabilities/8487
- Reference: https://www.wordfence.com/blog/2016/05/yoast-seo-vulnerability/
- [i] Fixed in: 3.2.5
- [!] Title: Yoast SEO <= 3.2.5 - Unspecified Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8569
- Reference: https://wordpress.org/plugins/wordpress-seo/changelog/
- [i] Fixed in: 3.3.0
- [!] Title: Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8583
- Reference: https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo
- [i] Fixed in: 3.4.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement