Gravityscan Blog

Updates on website security and what's going on in our universe.

New This Week: December 22, 2017

This entry was posted in Drupal, PHP, Weekly Scanner Updates, Wordpress on Dec 21, 2017 by Colette

Gravityscan continually adds detection for CMS vulnerabilities as they are discovered. Whether you use WordPress, Joomla, Drupal or any other content management system, Gravityscan detects these new discoveries and alerts you when they apply to your website, so that you can focus on running your business.

In addition to the 7000+ vulnerabilities that we already detect, we have added detection for the following new vulnerabilities for the week of December 22, 2017. Three are considered critical for Drupal.

WordPress Core:

  • CVE-2017-17092 WordPress 2.8.6-4.9 – Authenticated JavaScript File Upload
  • CVE-2017-17094 WordPress 1.5.0-4.9 – RSS and Atom Feed Escaping
  • CVE-2017-17091 WordPress 3.7-4.9 – ‘newbloguser’ Key Weak Hashing
  • CVE-2017-17093 WordPress 4.3.0-4.9 – HTML Language Attribute Escaping

WordPress Plugins:

  • CVE-2017-17043 Emag Marketplace Connector 1.0 – Unauthenticated Cross-Site Scripting (XSS)
  • Elementor Page Builder <= 1.7.12 – Authenticated Unrestricted Editing
  • CVE-2017-17059 amtyThumb posts 8.1.3 – Unauthenticated Cross-Site Scripting (XSS)
  • CVE-2017-17096 Content Cards <= 0.9.6 – Cross-Site Scripting (XSS)
  • Apocalypse Meow 21.1.3-21.2.7 – BCrypt Authentication Bypass
  • WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS)

Drupal:

PHP:

  • CVE-2017-16642 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension’s timelib_meridian handling of ‘front of’ and ‘back of’ directives.

If you are an existing Gravityscan user, your site is currently being scanned for these vulnerabilities. You can try out our Pro service with a free 14-day trial. This includes the full vulnerability details for each Pro site that has ownership verified, the ability to speed up your scans and send SMS alerts, and our awesome premium support.

Try out Gravityscan Pro free for two weeks, on us!
