SQL Injection and XSS Vulnerabilities in the plugin v.2.5 | WordPress.org

Vladimir Vassilev
(@vloo)

9 years, 9 months ago

Hey, guys, you’d better have in mind that this version (2.5) of the plugin has some serious vulnerabilities! You can get more info here:

http://www.exploit-db.com/exploits/34161/

https://wordpress.org/plugins/contus-video-gallery/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author hdflvplayer
(@hdflvplayer)

9 years, 9 months ago

Hi,

We appreciate your time on bringing this to our notice. We have already found the issue and updated the package. Kindly download the updated package in the following link http://wordpress.org/plugins/contus-video-gallery/ and check. If you are still facing any difficulties in this feel free to contact us.

Thread Starter Vladimir Vassilev
(@vloo)

9 years, 9 months ago

Hi, I can’t really see a newer version of the plugin, so it’s still on the current, vulnerable one. Furthermore, you are missing the changelog tab for the plugin, so lot’s of people will miss the really important info on what exactly is updated in the newer version and why it’s a must to update it.

arunprasath
(@arunprasath)

9 years, 9 months ago

Hi,

We have fixed the SQL issue on the same version and we have updated the change log as requested. So please go to http://wordpress.org/plugins/contus-video-gallery/changelog/ to find the udpates. Also download the latest package to overcome the sql issue.

Thanks
Arun

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘SQL Injection and XSS Vulnerabilities in the plugin v.2.5’ is closed to new replies.

Tags

exploit

In: Plugins
3 replies
3 participants
Last reply from: arunprasath
Last activity: 9 years, 9 months ago
Status: not resolved