WordPress flaws and vulnerabilities

WordPress vulnerabilities 2021, week 24, via Patchstack


Vulnerabilities discovered in WordPress plugins, themes and core from 14 to 20 June 2021

VikRentCar

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Satyender Yadav in WordPress VikRentCar plugin (versions <= 1.1.6).


BCS BatchLine Book Importer

Unauthenticated Product Import/Update vulnerability discovered in WordPress BCS BatchLine Book Importer plugin (versions <= 1.5.7).


WP SVG images

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file discovered by Rasi in WordPress WP SVG images plugin (versions <= 3.3).


wpForo Forum

Open Redirect vulnerability discovered by Hosein Vita in WordPress wpForo Forum plugin (versions <= 1.9.6).


WooCommerce Stock Manager

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload discovered by Chloe Chamberland (WordFence) in WordPress WooCommerce Stock Manager plugin (versions <= 2.5.7).


Jannah

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress Jannah premium theme (versions <= 5.4.4).


Request a Quote

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ajay Sandipan Thorbole in WordPress Request a Quote plugin (versions <= 2.3.0).


WP Reset

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress WP Reset plugin (versions <= 1.86).


Filebird

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ravi Chandra in WordPress Filebird plugin (version 4.7.3).


Contact Form Plugin

Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting (XSS) discovered by Ramuel Gall (WordFence) in WordPress Contact Form Plugin by Fluent Forms (versions <= 3.6.65).


404 to 301

Broken Access Control vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress 404 to 301 plugin (versions <= 3.0.7).


Stay up to date!

Thanks to Patchstack.com
