WordPress flaws and vulnerabilities

WordPress vulnerabilities 2021, week 21, via Patchstack


Vulnerabilities discovered in WordPress plugins, themes and core from 24 to 30 May 2021

iFlyChat – WordPress Chat

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress iFlyChat – WordPress Chat plugin (versions <= 4.6.4).



JNews

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress JNews premium theme (versions <= 8.0.5).



Cookie Law Bar

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mesut Cetin in WordPress Cookie Law Bar plugin (versions <= 1.2.1).



SP Project & Document Manager

Authenticated Shell Upload discovered by Viktor Markopoulos (vict0ni) in WordPress SP Project & Document Manager plugin (versions <= 4.21).



Gallery from files

Unauthenticated Remote Code Execution (RCE) vulnerability discovered by WPScanTeam in WordPress Gallery from files plugin (versions <= 1.60).



Visitors

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mesut Cetin in WordPress Visitors plugin (versions <= 0.3).



WC Marketplace

Unauthenticated Arbitrary Product Comment Posting vulnerability discovered by WPScanTeam in WordPress WC Marketplace plugin (versions <= 3.7.3).



Simple 301 Redirects – Addon – Bulk Uploader

Authenticated Wildcard Activation and Retrieval vulnerability discovered by Wordfence in WordPress Simple 301 Redirects by BetterLinks plugin (versions <= 2.0.3, only versions 2.0.0 to 2.0.3).



Simple 301 Redirects – Addon – Bulk Uploader

Authenticated Arbitrary Plugin Installation/Activation vulnerability discovered by Wordfence in WordPress Simple 301 Redirects by BetterLinks plugin (versions <= 2.0.3, only versions from 2.0.0 to 2.0.3).



Simple 301 Redirects – Addon – Bulk Uploader

Unauthenticated Redirect Import/Export vulnerability allowing total site redirection discovered by Wordfence in WordPress Simple 301 Redirects by BetterLinks plugin (versions <= 2.0.3, only versions from 2.0.0 to 2.0.3).



Side Menu

Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Side Menu plugin (versions <= 3.1.3).



Xllentech English Islamic Calendar

Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin (versions <= 2.6.7).



Stock in & out

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress Stock in & out plugin (versions <= 1.0.4).



Easy Preloader

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress Easy Preloader plugin (versions <= 1.0.0).



Sendit WP Newsletter

Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Sendit WP Newsletter plugin (versions <= 2.5.1).



XCloner Backup, Restore and Migrate

Authenticated SQL Injection (SQLi) vulnerability discovered by Ngo Van Thien (Sun* Research & Development) in WordPress XCloner Backup, Restore and Migrate plugin (versions <= 4.2.161).



NinjaFirewall

Authenticated PHAR Deserialization vulnerability discovered by Chloe Chamberland in WordPress NinjaFirewall plugin (versions <= 4.3.3).


Keep up to date!

Thanks to Patchstack.com
