New This Week: December 22, 2017
Gravityscan consistently adds detection to CMS vulnerabilities being discovered every day. Whether you use WordPress, Joomla, Drupal or any other content management system, Gravityscan detects and alerts you to these new discoveries as they apply to your website so that you can focus on running your business.
In addition to the 7,000+ vulnerabilities we already detect, we have added detection for the following new vulnerabilities for the week of December 22, 2017. Three of the Drupal advisories are rated critical.
- CVE-2017-17094 WordPress 1.5.0-4.9 – RSS and Atom Feed Escaping
- CVE-2017-17091 WordPress 3.7-4.9 – ‘newbloguser’ Key Weak Hashing
- CVE-2017-17093 WordPress 4.3.0-4.9 – HTML Language Attribute Escaping
- CVE-2017-17043 Emag Marketplace Connector 1.0 – Unauthenticated Cross-Site Scripting (XSS)
- Elementor Page Builder <= 1.7.12 – Authenticated Unrestricted Editing
- CVE-2017-17059 amtyThumb posts 8.1.3 – Unauthenticated Cross-Site Scripting (XSS)
- CVE-2017-17096 Content Cards <= 0.9.6 – Cross-Site Scripting (XSS)
- Apocalypse Meow 21.1.3-21.2.7 – BCrypt Authentication Bypass
- WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS)
- SA-CONTRIB-2017-092 Node feedback – Access Bypass – Moderately critical
- SA-CONTRIB-2017-091 Configuration Update Manager – Cross Site Request Forgery (CSRF) – Moderately critical
- SA-CONTRIB-2017-090 Feedback Collect – Cross Site Scripting (XSS) – Moderately critical
- SA-CONTRIB-2017-089 Mailhandler – Remote Code Execution – Critical
- SA-CONTRIB-2017-088 bootstrap_carousel – Cross Site Scripting – Moderately critical
- SA-CONTRIB-2017-087 Services single sign-on client – Cross-site scripting – Critical
- SA-CONTRIB-2017-086 Cloud – CSRF – Critical
- SA-CONTRIB-2017-084 Domain Integration – Access bypass – Moderately critical
- CVE-2017-16642 PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11 – Error in the date extension’s timelib_meridian handling of ‘front of’ and ‘back of’ directives
If you are an existing Gravityscan user, your site is already being scanned for these vulnerabilities. You can try out our Pro service with a free 14-day trial. This includes the full vulnerability details for each Pro site with verified ownership, the ability to speed up your scans, SMS alerts, and our awesome premium support.
Try out Gravityscan Pro free for two weeks, on us!