Every month we would like to share with you the plugins that contain security vulnerabilities and therefore need to be updated as soon as possible. We would like to emphasize that a WordPress site can be stable, work well and be protected against attacks only with an up-to-date WordPress installation, an updated theme and plugins, and adherence to the appropriate security rules. If you need professional help, get in touch with us and request a quote for our monthly, half-yearly or yearly update service.
WordPress Plugin Vulnerabilities
- Quiz And Survey Master < 7.0.0 – Authenticated Stored Cross-Site Scripting (XSS)
- Gallery PhotoBlocks < 1.2.0 – Authenticated Cross-Site Scripting (XSS)
- Comments – wpDiscuz 7.0.0 – 7.0.4 – Unauthenticated Arbitrary File Upload
- WooCommerce Subscriptions < 2.6.3 – Unauthenticated Stored Cross-Site Scripting (XSS)
- JobSearch < 1.5.6 – Unauthenticated Reflected XSS
- Social Sharing Plugin < 1.2.10 – Cross-Site Request Forgery in Settings
- TC Custom JavaScript < 1.2.2 – Unauthenticated Stored Cross-Site Scripting (XSS)
- JobSearch < 1.5.5 – Unauthenticated Reflected Cross-Site Scripting
- Email Subscribers & Newsletters < 4.5.1 – Authenticated SQL injection in es_newsletters_settings_callback()
- Email Subscribers & Newsletters < 4.5.1 – Cross-site Request Forgery in send_test_email()
- All in One SEO Pack < 3.6.2 – Authenticated Stored Cross-Site Scripting
- Email Verification for WooCommerce < 1.8.2 – Loose Comparison to Authentication Bypass
- SendPress Newsletter < 1.20.7.13 – Authenticated Stored Cross-Site Scripting (XSS)
- Form Maker by 10Web < 1.13.40 – Authenticated Reflected XSS
- Newsletter < 6.7.7 – Authenticated Stored Cross-Site Scripting
- WP-Live Chat by 3CX < 8.2.0 – Authenticated Stored Cross-Site Scripting
- SRS Simple Hits Counter <= 1.0.4 – Unauthenticated Blind SQL Injection
- Powie’s WHOIS Domain Check < 0.9.33 – Authenticated Stored Cross-Site Scripting
- Wise Chat < 2.8.4 – CSV Injection
- Knight Lab Timeline < 3.7.0.0 – Outdated TimelineJS library could Lead to Stored XSS
- KingComposer < 2.9.5 – Unauthenticated Reflected Cross-Site Scripting
- Adning Advertising < 1.5.6 – Unauthenticated Arbitrary File Upload/Deletion
- Security & Malware scan by CleanTalk < 2.51 – Security Nonce Leak leading to Unauthorised AJAX call
- JobSearch < 1.5.3 – Multiple Cross-Site Scripting Issues
- Testimonials Widget <= 3.5.1 – Multiple Authenticated Stored (XSS)
- Payment Form For Paypal Pro < 1.1.65 – Unauthenticated SQL Injection
- WPForms < 1.6.0.2 – Authenticated Stored Cross-Site Scripting (XSS)
WordPress Theme Vulnerabilities
- JobCareer < 3.5 – Multiple Cross-Site Scripting (XSS)
- Reality < 2.5.6 – Multiple Reflected Cross-Site Scripting (XSS)
- Real Estate 7 < 3.0.4 – Unauthenticated Reflected XSS
- CarePlus <= 1.2 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Careerfy < 4.4.0 – Unauthenticated Reflected XSS
- Careerfy < 4.3.0 – Unauthenticated Reflected Cross-Site Scripting
- Golo < 1.3.3 – Unauthenticated Reflected XSS
- Jetapo < 1.1 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Workio – Job Board < 1.0.3 – Unauthenticated Reflected XSS
- Workup – Job Board < 2.1.6 – Unauthenticated Reflected XSS
- Findgo – Directory Listing < 1.3.32 – Unauthenticated Reflected and Authenticated Stored XSS
- Prolisting – Directory Listing < 1.27 – Unauthenticated Reflected XSS
- Kormosala – Job Board < 1.0.23 – Unauthenticated Reflected XSS
- Findus – Directory Listing < 1.1.15 – Authenticated Persistent XSS
- InJob < 3.4.1 – Authenticated Reflected Cross-Site Scripting (XSS)
- Travel Booking < 2.8.4 – Unauthenticated Cross-Site Scripting (XSS)
- Travel Booking < 2.8.4 – Unauthenticated SQL Injection
- Monalisa < 2.1.3 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Careerfy < 4.1.0 – Multiple Cross-Site Scripting (XSS) Issues
- CareerUp < 2.3.1 – Unauthenticated Reflected Cross-Site Scripting
Of the plugins and themes listed, we use 1 for some of our clients, but we always keep these updated. We learn about current updates through the WordFence and/or ManageWP services and take the necessary steps.
- All in One SEO Pack