New This Week: January 4, 2018
Gravityscan consistently adds detection for CMS vulnerabilities. Whether you use WordPress, Joomla, Drupal, vBulletin or any other content management system, Gravityscan detects and alerts you to these new discoveries as they apply to your website so that you can focus on running your business.
In addition to the existing 7000+ vulnerabilities that we already detect, we have added detection for the following new vulnerabilities for the week of January 5, 2018. One is highly critical for Drupal.
- Duplicate Page and Post 2.1.0-2.1.1 – Backdoored
- No Follow All External Links 2.1.0-2.3.0 – Backdoored
- WP No External Links 4.2.1-4.2.2 – Backdoored
- Top 10 <= 2.4.3 – Authenticated SQL Injection
- Captcha 4.3.6-4.4.4 – Backdoored
- RegistrationMagic – Custom Registration Forms <= 22.214.171.124 – Authenticated SQL Injection
- RegistrationMagic – Custom Registration Forms <= 126.96.36.199 – Authenticated Reflected XSS
- CVE-2017-16949 AccessPress Anonymous Post Pro < 3.2.0 – Unauthenticated Arbitrary File Upload
- CVE-2017-17719 WordPress Concours <= 1.1 – Authenticated Cross-Site Scripting (XSS)
- CVE-2017-17744 Custom Map <= 1.1 – Authenticated Cross-Site Scripting (XSS)
- CVE-2017-17753 Csv Import-Export <= 1.1 – Authenticated Cross-Site Scripting (XSS)
- Multiple Mediaburst/Clockwork Plugins – Cross-Site Scripting (XSS)
  - WP e-Commerce – Clockwork SMS < 2.4.2
  - Booking Calendar – Clockwork SMS < 1.1.0
  - Contact Form 7 – Clockwork SMS < 2.4.0
  - Gravity Forms – Clockwork SMS < 2.4.0
  - Fast Secure Contact Form – Clockwork SMS < 2.4.0
  - Formidable – Clockwork SMS < 1.1.0
  - Two-Factor Authentication – Clockwork SMS < 1.1.0
  - Clockwork SMS Notifications < 3.0.0
  - Email to SMS < 3.0.0
- CVE-2017-17672 vBulletin 5 – ‘cacheTemplates’ Unauthenticated Remote Arbitrary File Deletion
- vBulletin 5 – ‘routestring’ Unauthenticated Remote Code Execution
If you are an existing Gravityscan user, your site is already being scanned for these vulnerabilities. You can try out our Pro service with a free 14-day trial. This includes the full vulnerability details for each Pro site that has ownership verified, the ability to speed up your scans and send SMS alerts, and our awesome premium support.
Try out Gravityscan Pro free for two weeks, on us!