ImmuniWeb Security Advisories

While testing and developing various vulnerability detection algorithms of ImmuniWeb®, we discovered hundreds of vulnerabilities in the most popular commercial and open source web applications and frameworks:

Remote File Inclusion in Gwolle Guestbook WordPress Plugin Advisory ID: HTB23275
Last Change: November 4, 2015

CVE Reference:

CVE-2015-8351

Vulnerable Version: 1.5.3
Risk Level: Critical

Cross-Site Request Forgery on Oxwall Advisory ID: HTB23266
Last Change: October 22, 2015

CVE Reference:

CVE-2015-5534

Vulnerable Version: 1.7.4
Risk Level: High

Reflected Cross-Site Scripting (XSS) in SourceBans Advisory ID: HTB23273
Last Change: October 22, 2015

CVE Reference:

CVE-2015-8349

Vulnerable Version: 1.4.11
Risk Level: Medium

Reflected Cross-Site Scripting (XSS) in iTop Advisory ID: HTB23268
Last Change: September 23, 2015

CVE Reference:

CVE-2015-6544

Vulnerable Version: 2.1.0-2127
Risk Level: Medium

Cross-Site Request Forgery in Cerb Advisory ID: HTB23269
Last Change: September 2, 2015

CVE Reference:

CVE-2015-6545

Vulnerable Version: 7.0.3
Risk Level: Medium

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin Advisory ID: HTB23265
Last Change: July 29, 2015

CVE Reference:

CVE-2015-5535

Vulnerable Version: 2.5.39
Risk Level: Medium

Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin Advisory ID: HTB23264
Last Change: July 22, 2015

CVE Reference:

CVE-2015-5532

Vulnerable Version: 1.8.4.2
Risk Level: Medium

SQL Injection in Count Per Day WordPress Plugin Advisory ID: HTB23267
Last Change: July 22, 2015

CVE Reference:

CVE-2015-5533

Vulnerable Version: 3.4
Risk Level: Medium

Path Traversal in BlackCat CMS Advisory ID: HTB23263
Last Change: July 1, 2015

CVE Reference:

CVE-2015-5079

Vulnerable Version: 1.1.1
Risk Level: High

Reflected Cross-Site Scripting (XSS) in SearchBlox Advisory ID: HTB23256
Last Change: June 17, 2015

CVE Reference:

CVE-2015-3422

Vulnerable Version: 8.2
Risk Level: Low