WordPress flaws and vulnerabilities

WordPress vulnerabilities 2021 week 22 via Patchstack


Vulnerabilities discovered in WordPress plugins, themes and core from 31 May to 6 June 2021

Event Calendar WD

Cross-Site Scripting (XSS) vulnerability discovered in WordPress Event Calendar WD plugin (versions <= 1.1.44).



Yes/No Chart

Authenticated Blind SQL Injection (SQLi) vulnerability discovered by Apple502j in WordPress Yes/No Chart plugin (versions <= 1.0.11).



FooGallery

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by avolume in WordPress FooGallery plugin (versions <= 2.0.30).



Quiz And Survey Master

Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress Quiz And Survey Master plugin (versions <= 7.1.17).



All 404 Redirect to Homepage

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress All 404 Redirect to Homepage plugin (versions <= 1.21).



Fancy Product Designer

Unauthenticated Arbitrary File Upload and Remote Code Execution (RCE) vulnerabilities discovered by WordFence in WordPress Fancy Product Designer premium plugin (versions <= 4.6.8).



MC4WP

Authenticated Arbitrary Redirect vulnerability discovered by WPScanTeam in WordPress MC4WP plugin (versions <= 4.8.4).



MC4WP

Unauthorised Actions via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress MC4WP plugin (versions <= 4.8.4).



Jetpack

Page/Post Attachment Comment Leak Of Not Published Post And Pages in Carousel Feature discovered by nguyenhg_vcs in WordPress Jetpack plugin (versions <= 9.7.1).



GetPaid

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörg Steinsträter in WordPress GetPaid plugin (versions <= 2.3.3).



Quiz And Survey Master

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Quiz And Survey Master plugin (versions <= 7.1.18).



Real Estate 7

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Real Estate 7 premium theme (versions <= 3.1.0). Vulnerable parameter: "&ct_community=".



Kiwi

Unauthenticated WordPress Options Change/Read vulnerability discovered by NinTechNet in WordPress Kiwi Social Sharing plugin (versions <= 2.1.0).


Keep yourself up to date!

Thanks to Patchstack.com
