Every month we want to share with you the plugins that contain a security vulnerability and therefore need to be updated as soon as possible. We would stress that a WordPress installation can only be stable, work well and be protected against attacks if the core, the theme and the plugins are kept up to date and the appropriate security rules are observed. If you need professional help, get in touch with us and ask for a quote for our monthly, half-yearly or yearly update service.
WordPress Core Vulnerabilities
WordPress Plugin Vulnerabilities
- FooGallery < 2.0.35 – Authenticated Stored Cross-Site Scripting
- Yes/No Chart < 1.0.12 – Authenticated (contributor+) Blind SQL Injection
- The Plus Addons for Elementor Page Builder < 4.1.10 – Open Redirect
- The Plus Addons for Elementor Page Builder < 4.1.11 – Arbitrary Reset Pwd Email Sending
- The Plus Addons for Elementor < 4.1.12 – Reflected Cross-Site Scripting (XSS)
- NinjaFirewall < 4.3.4 – Authenticated (admin+) PHAR Deserialization
- Xllentech English Islamic Calendar < 2.6.8 – Authenticated SQL Injection
- Side Menu < 3.1.5 – Authenticated (admin+) SQL Injection
- Stock in & out <= 1.0.4 – Reflected Cross-Site Scripting (XSS)
- Sendit WP Newsletter <= 2.5.1 – Authenticated (admin+) SQL Injection
- Visitors <= 0.3 – Unauthenticated Stored Cross-Site Scripting (XSS)
- Simple 301 Redirects by BetterLinks – 2.0.0 – 2.0.3 – Arbitrary Plugin Activation
- Simple 301 Redirects by BetterLinks – 2.0.0 – 2.0.3 – Update and Retrieve Wildcard Value
- Simple 301 Redirects by BetterLinks – 2.0.0 – 2.0.3 – Arbitrary Plugin Installation
- Simple 301 Redirects by BetterLinks – 2.0.0 – 2.0.3 – Unauthenticated Redirect Import
- Simple 301 Redirects by BetterLinks – 2.0.0 – 2.0.3 – Unauthenticated Redirect Export
- Gallery From Files <= 1.6.0 – Reflected Cross-Site Scripting (XSS)
- Gallery From Files <= 1.6.0 – Unauthenticated RCE
- Multivendor Marketplace Solution for WooCommerce < 3.7.4 – Unauthenticated Arbitrary Product Comment
- Cookie Law Bar <= 1.2.1 – Authenticated Stored Cross-Site Scripting (XSS)
- SP Project & Document Manager <= 4.21 – Authenticated Shell Upload
- Easy Preloader <= 1.0.0 – Authenticated Stored Cross-Site Scripting (XSS)
- iFlyChat – WordPress Chat <= 4.6.4 – Authenticated Stored Cross-Site Scripting (XSS)
- Video Embed <= 1.0 – Authenticated (subscriber+) SQL Injection
- FlightLog <= 3.0.2 – Authenticated (editor+) SQL Injection
- WP Statistics < 13.0.8 – Unauthenticated SQL Injection
- WP Prayer < 1.6.2 – Authenticated Stored Cross-Site Scripting (XSS)
- CM Registration Pro < 3.2.1 – PHP Object Injection
- Instant Images WordPress Plugin < 4.4.0.1 – Authenticated Stored XSS & XFS
- Smooth Scroll Page Up/Down Buttons < 1.4 – Authenticated Stored XSS
- Funnel Builder by CartFlows < 1.6.13 – Authenticated Stored XSS via FB Pixel ID and Google Analytics ID
- Database Backup for WordPress < 2.4 – Authenticated Persistent Cross-Site Scripting (XSS)
- WP Super Cache < 1.7.3 – Authenticated Remote Code Execution
- External Media < 1.0.34 – Authenticated Arbitrary File Upload
- Weekly Schedule < 3.4.3 – Authenticated Stored XSS
- Photo Gallery < 1.5.67 – Authenticated Stored Cross-Site Scripting via Gallery Title
- LifterLMS < 4.21.1 – Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout
- LifterLMS < 4.21.1 – Authenticated Stored XSS in Edit Profile
- All in One SEO Pack < 4.1.0.2 – Admin RCE via unserialize
- ReDi Restaurant Reservations < 21.0426 – Unauthenticated Stored Cross-Site Scripting (XSS)
- Simple Giveaways < 2.36.2 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 – Unauthorised AJAX call
- Zlick Paywall < 2.2.2 – CSRF Bypasses
- Autoptimize < 2.8.4 – Authenticated Stored Cross-Site Scripting (XSS)
- Ultimate Member < 2.1.20 – Authenticated Reflected Cross-Site Scripting (XSS)
- UltimateWoo <= 0.1.10 – PHP Object Injection
- DSGVO All in one for WP < 4.0 – Unauthenticated Stored Cross-Site Scripting (XSS)
- Leads-5050 Visitor Insights < 1.0.4 – Unauthenticated License Change
- Leads-5050 Visitor Insights < 1.1.0 – Unauthorised License Change
- PickPlugins Product Slider for WooCommerce < 1.13.22 – Reflected Cross-Site Scripting (XSS)
- Target First Plugin 2.0 – Unauthenticated Stored XSS via Licence Key
- Hana Flv Player <= 3.1.3 – Authenticated Stored Cross-Site Scripting (XSS)
- Parcel Tracker eCourier < 1.0.2 – Plugin’s Settings Update via CSRF
- Ship To Ecourier < 1.0.2 – Plugin’s Settings Update via CSRF
- Simple Admin Language Change < 2.0.2 – Arbitrary User Locale Change
- Hotjar Connecticator <= 1.1.1 – Authenticated Stored Cross-Site Scripting (XSS)
- WP Customer Reviews < 3.5.6 – Authenticated Stored Cross-Site Scripting (XSS)
- Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 – Unauthenticated Blind SQL Injection
WordPress Theme Vulnerabilities
- JNews < 8.0.6 – Reflected Cross-Site Scripting (XSS)
- Car Repair Services < 4.0 – Unauthenticated Reflected XSS & XFS
- Mediumish <= 1.0.47 – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Listeo < 1.6.11 – Multiple XSS & XFS vulnerabilities
- Listeo < 1.6.11 – Multiple Authenticated IDOR Vulnerabilities
- Bello < 1.6.0 – Authenticated Cross-Site Scripting (XSS) and XFS
- Bello < 1.6.0 – Unauthenticated Reflected XSS & XFS
- Bello < 1.6.0 – Unauthenticated Blind SQL Injection
- Goto < 2.1 – Reflected Cross-Site Scripting (XSS)
Of the plugins listed, we use the All in One SEO Pack plugin. We learn about current updates through the WordFence and/or ManageWP services and take the necessary steps.
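The advisories above state their affected range in three shapes: a strict upper bound ("< 2.0.35"), an inclusive one ("<= 1.0.4"), and an inclusive interval ("2.0.0 – 2.0.3"). The check a site operator wants is to compare what is actually installed against those bounds rather than trust the dashboard's "update available" flag. The script below is an added example, not code from the original post or from any of the plugin vendors. It assumes the inventory is the JSON produced by the real WP-CLI command `wp plugin list --format=json` (the sample inventory embedded here is constructed, not captured from a live site), and the slug-to-advisory mapping is a hand-made assumption based on five entries in the list above.

```python
"""Cross-check installed WordPress plugin versions against advisory bounds.

Added example. Inventory format: output of `wp plugin list --format=json`
(fields name, status, update, version). The inventory and slug mapping
below are constructed for illustration.
"""
import json
import re


def parse_version(version):
    """'13.0.8' -> (13, 0, 8); a suffix such as '-beta1' is dropped because
    the advisory bounds on this page are purely numeric."""
    numbers = []
    for part in re.split(r"[.\-]", version.strip()):
        if not part.isdigit():
            break
        numbers.append(int(part))
    return tuple(numbers)


def compare(a, b):
    """Return -1, 0 or 1. The shorter tuple is zero-padded so 2.0 == 2.0.0,
    which plain tuple comparison would get wrong."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


# "< X", "<= X", or "X - Y" (hyphen or en dash, inclusive on both ends).
BOUND_RE = re.compile(
    r"^\s*(?:(?P<op><=|<)\s*(?P<single>[\d.]+)"
    r"|(?P<low>[\d.]+)\s*[-–]\s*(?P<high>[\d.]+))\s*$"
)


def is_affected(installed, bound):
    """True when `installed` lies inside the advisory's affected range."""
    m = BOUND_RE.match(bound)
    if not m:
        raise ValueError(f"unrecognised bound: {bound!r}")
    if m.group("op") == "<":
        return compare(installed, m.group("single")) < 0
    if m.group("op") == "<=":
        return compare(installed, m.group("single")) <= 0
    return (compare(installed, m.group("low")) >= 0
            and compare(installed, m.group("high")) <= 0)


# Assumed wordpress.org slugs, mapped by hand from titles in the list above.
ADVISORIES = {
    "all-in-one-seo-pack": ("< 4.1.0.2", "Admin RCE via unserialize"),
    "wp-super-cache": ("< 1.7.3", "Authenticated Remote Code Execution"),
    "wp-statistics": ("< 13.0.8", "Unauthenticated SQL Injection"),
    "simple-301-redirects": ("2.0.0 – 2.0.3", "Arbitrary Plugin Installation"),
    "foogallery": ("< 2.0.35", "Authenticated Stored Cross-Site Scripting"),
}

# Constructed sample of `wp plugin list --format=json`; not from a real site.
SAMPLE_INVENTORY = json.dumps([
    {"name": "all-in-one-seo-pack", "status": "active", "update": "available", "version": "4.1.0.1"},
    {"name": "wp-super-cache", "status": "active", "update": "none", "version": "1.7.3"},
    {"name": "wp-statistics", "status": "inactive", "update": "available", "version": "13.0.7"},
    {"name": "simple-301-redirects", "status": "active", "update": "none", "version": "2.0.2"},
    {"name": "foogallery", "status": "active", "update": "none", "version": "2.0.35"},
    {"name": "akismet", "status": "active", "update": "none", "version": "4.1.9"},
])


def find_vulnerable(inventory_json, advisories=ADVISORIES):
    """Return [(slug, installed, bound, title)] for every plugin inside an
    affected range. Inactive plugins are deliberately NOT skipped: their
    files remain on disk, and some plugin bugs are reachable by requesting
    a plugin file directly, without the plugin being active."""
    hits = []
    for plugin in json.loads(inventory_json):
        entry = advisories.get(plugin["name"])
        if entry and is_affected(plugin["version"], entry[0]):
            hits.append((plugin["name"], plugin["version"], entry[0], entry[1]))
    return hits


if __name__ == "__main__":
    for slug, installed, bound, title in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{slug} {installed} is in affected range {bound}: {title}")
```

On a real site, run `wp plugin list --format=json > plugins.json` and pass the file contents to `find_vulnerable`. Note that "simple-301-redirects" shows `"update": "none"` in the sample yet is still flagged: the version check is independent of whether an update has been published, which is exactly the case you need to know about (a disable-until-patched decision rather than an update).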