ThreatPress

WordPress Vulnerabilities Database


WordPress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities

Product: Spider Catalog

Description:
The Spider Catalog plugin is prone to multiple vulnerabilities:

1. SQL Injection in Spider Catalog shortcodes
2. SQL Injection in "catalog.php", function "catalog_after_search_results()"
3. SQL Injection in "Categories.php", function "change_cat()"
4. SQL Injection in "Categories.php", function "editCategory()"
5. SQL Injection in "Categories.php", function "apply_cat()"
6. SQL Injection in "Categories.php", function "removeCategory()"
7. SQL Injection in "products.php", function "update_prad_cat()"
8. SQL Injection in "products.php", function "change_prod()"
9. SQL Injection in "products.php", function "spider_cat_prod_rev()"
10. SQL Injection in "products.php", function "delete_rev()"
11. SQL Injection in "products.php", function "delete_single_review()"
12. SQL Injection in "products.php", function "spider_cat_prod_rating()"
13. SQL Injection in "products.php", function "delete_ratings()"
14. SQL Injection in "products.php", function "delete_single_rating()"
15. SQL Injection in "products.php", function "update_s_c_rating()"
16. Stored XSS in Spider Catalog category name
17. Stored XSS in Spider Catalog product name
18. Reflected XSS in "Categories.html.php"
19. Reflected XSS in "Products.html.php"
20. Reflected XSS in "spiderBox/spiderBox.js.php"
21. Reflected XSS in "catalog.php", function "spider_box_js_php()"
22. Full Path Disclosure in multiple scripts
Solution: Update the plugin.

Classification
Type: Multi

References
Exploit-DB

CVE
Name: CVE-N/A

Versions
Affected In: <= 1.4.6
Fixed In: 1.4.7

Disclosure date: 2013-05-26

Credits: waraxe