Every month we would like to share with you the plugins that contain a security vulnerability and therefore need to be updated as soon as possible. We would emphasize that a fresh WordPress installation, with an updated theme and plugins and with the appropriate security rules observed, can be stable, well-functioning and protected against attacks. If you need professional help, contact us and request a quote for our monthly, half-yearly or annual update service.
WordPress Plugin Vulnerabilities
- Recall Products <= 0.8 – Authenticated Cross-Site Scripting
- Recall Products <= 0.8 – Authenticated SQL Injection
- WP Smart CRM & Invoices FREE <= 1.8.7 – Authenticated Stored Cross-Site Scripting
- Ceceppa Multilingua <= 1.5.17 – Authenticated Reflected Cross-Site Scripting
- Bulk Change <= 1.0 – Authenticated Reflected Cross-Site Scripting
- WP Floating Menu < 1.4.1 – Authenticated Reflected Cross-Site Scripting
- Subscribe Sidebar <= 1.3.1 – Authenticated Reflected Cross-Site Scripting
- Quiz and Survey Master < 7.0.2 – Unauthenticated Arbitrary File Upload
- FooGallery < 1.9.25 – Authenticated Cross-Site Scripting (XSS)
- Autoptimize < 2.7.7 – Authenticated Arbitrary File Upload
- RSVPMaker < 7.8.2 – Unauthenticated SQL Injection
- WooCommerce – NAB Transact < 2.1.2 – Payment Bypass
- Contact Form – Form builder by Kali Forms < 2.1.2 – Multiple CSRF Bypass Issues
- Contact Form – Form builder by Kali Forms < 2.1.2 – Authenticated Plugin’s Settings Change
- Contact Form – Form builder by Kali Forms < 2.1.2 – Unauthenticated Arbitrary Post Deletion
- Advanced Access Manager < 6.6.2 – Authenticated Information Disclosure
- Advanced Access Manager < 6.6.2 – Authenticated Authorization Bypass and Privilege Escalation
- Discount Rules for WooCommerce < 2.1.0 – Multiple Vulnerabilities
- WP Customer Reviews < 3.4.3 – Multiple Unauthenticated and Low Priv Authenticated Stored XSS
- Elegant Testimonial <= 1.1.6 – Multiple Authenticated Stored Cross-Site Scripting
- Click to Top <= 1.2.7 – Authenticated Stored Cross-Site Scripting
- Change WordPress Login Logo <= 1.1.4 – Authenticated Stored Cross-Site Scripting
- Internal Links Manager <= 2.0.2 – Multiple Authenticated Stored Cross-Site Scripting
- Fancy Lightbox < 1.0.2 – Authenticated Stored Cross-Site Scripting
- Easy Media Download < 1.1.5 – Authenticated Stored Cross-Site Scripting
- NextGEN Gallery Sell Photo <= 1.0.4 – Authenticated Stored Cross-Site Scripting
- Responsive Lightbox2 < 1.0.3 – Authenticated Stored Cross-Site Scripting
- Colorbox Lightbox <= 1.1.2 – Authenticated Stored Cross-Site Scripting
- Sell Photo <= 1.0.5 – Authenticated Stored Cross-Site Scripting
- Sell Media < 2.4.2 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Quiz and Survey Master < 7.0.1 – Arbitrary File Upload
- Quiz and Survey Master < 7.0.1 – Unauthenticated Arbitrary File Deletion
- Ultimate Member < 2.1.7 – Unauthenticated Open Redirect
- Very Simple Quiz – Multiple Authenticated Stored Cross-Site Scripting (XSS)
- Admin Menu <= 1.1 – Authenticated Cross-Site Scripting (XSS)
- Cardoza WordPress Poll <= 36 – Authenticated SQL Injection
- Ultimate Appointment Booking & Scheduling < 1.1.10 – Authenticated Cross-Site Scripting (XSS)
- RSS Feed Widget < 2.8.1 – Authenticated Cross-Site Scripting (XSS)
- File Manager < 6.5 – Backup File Directory Listing
- The Official WordPress Facebook Chat Plugin < 1.6 – Authenticated Options Change to Chat Takeover
- CMP – Coming Soon & Maintenance < 3.8.2 – Improper Access Controls on AJAX Calls
- Elegant Themes (Divi 3.0 – 4.5.2, Extra 2.0 – 4.5.2, Divi Builder 2.0 – 4.5.2) – Authenticated Arbitrary File Upload
- Newsletter < 6.8.2 – Authenticated PHP Object Injection
- Newsletter < 6.8.2 – Authenticated Cross-Site Scripting (XSS)
- Product Input Fields for WooCommerce < 1.2.7 – Unauthenticated File Download
WordPress Theme Vulnerabilities
- Home Villas <= 2.2 – Multiple Cross-Site Scripting Issues
- Geo Magazine <= 2.0 – Unauthenticated Reflected XSS
- Nova Lite < 1.3.9 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Konzept < 2.5 – Unauthenticated Reflected XSS
- FoodBakery < 2.0 – Unauthenticated Reflected XSS
- Elegant Themes (Divi 3.0 – 4.5.2, Extra 2.0 – 4.5.2, Divi Builder 2.0 – 4.5.2) – Authenticated Arbitrary File Upload
Of the plugins and themes listed, we use 1 for some of our clients, but we always keep these updated. We learn about current updates through the services of WordFence and/or ManageWP and take the necessary steps.