Overview of vulnerabilities in the WordPress world for April 2021
This overview is kindly provided by the WPVulnDB service, to whom special thanks are due.
Core vulnerabilities
- WordPress 5.6-5.7 – Authenticated XXE Within the Media Library Affecting PHP 8
- WordPress 4.7-5.7 – Authenticated Password Protected Pages Exposure
Plugin vulnerabilities
- Download Manager < 3.1.19 – Authenticated (author+) PHP4 File Upload to RCE
- Download Manager < 3.1.22 – Plugin Settings Change via CSRF
- Download Manager < 3.1.23 – Unauthorised Asset Manager Usage
- Give WP < 2.10.4 – Authenticated Stored Cross-Site Scripting (XSS)
- AcyMailing < 7.5.0 – Unauthenticated Open Redirect
- WPGraphQL <= 1.3.5 – Denial of Service
- WP Fastest Cache < 0.9.1.7 – Authenticated Arbitrary File Deletion via Path Traversal
- Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 – Contributor+ Stored XSS
- Store Locator Plus <= 5.5.14 – Authenticated Privilege Escalation
- Store Locator Plus <= 5.5.15 – Unauthenticated Stored Cross-Site Scripting (XSS)
- Car Seller – Auto Classifieds Script <= 2.1.0 – Unauthenticated SQL Injection
- Software License Manager < 4.4.6 – CSRF to Stored XSS
- Select All Categories and Taxonomies < 1.3.2 – Reflected Cross-Site Scripting (XSS)
- Redirect 404 to Parent < 1.3.1 – Reflected Cross-Site Scripting (XSS)
- Multiple WP-Buy Plugins – Arbitrary Plugin Installation/Activation via Low Privilege User
- Multiple WP-Buy Plugins – Arbitrary Plugin Installation/Activation via CSRF
- Woocommerce < 5.2.0 – Authenticated Stored Cross-Site Scripting (XSS)
- iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) – Hide Backend Bypass
- RSS for Yandex Turbo < 1.30 – Authenticated Stored Cross-Site Scripting (XSS)
- Accordion < 2.2.30 – Authenticated Reflected Cross-Site Scripting (XSS)
- Kaswara Modern VC Addons (0-day) – Unauthenticated Arbitrary File Upload
- Redirection for Contact Form 7 < 2.3.4 – Unprotected AJAX Actions
- Redirection for Contact Form 7 < 2.3.4 – Authenticated Arbitrary Post Deletion
- Redirection for Contact Form 7 < 2.3.4 – Authenticated PHP Object Injection
- Redirection for Contact Form 7 < 2.3.4 – Authenticated Arbitrary Plugin Installation
- Redirection for Contact Form 7 < 2.3.4 – Unauthenticated Arbitrary Nonce Generation
- Photo Gallery < 1.5.69 – Multiple Reflected Cross-Site Scripting (XSS)
- Contact Form by Supsystic < 1.7.15 – Reflected Cross-Site Scripting (XSS)
- Popup by Supsystic < 1.10.5 – Reflected Cross-Site Scripting (XSS)
- Ultimate Maps by Supsystic < 1.2.5 – Reflected Cross-Site Scripting (XSS)
- WordPress Download Manager < 3.1.18 – Unauthorised Download Duplication
- 404 SEO Redirection <= 1.3 – CSRF to Stored Cross-Site Scripting (XSS)
- 404 SEO Redirection <= 1.3 – Reflected Cross-Site Scripting (XSS)
- All 404 Redirect to Homepage < 1.21 – Reflected Cross-Site Scripting (XSS)
- SEO Redirection < 6.4 – Authenticated Stored Cross-Site Scripting (XSS)
- Edwiser Bridge < 2.0.7 – CSRF Nonce Bypass
- Outdated php-mod/curl Library – Unauthenticated Reflected Cross-Site Scripting (XSS)
- Easy Digital Downloads < 2.10.3 – Unauthorised Stripe Disconnect via CSRF
- Clever Addons for Elementor < 2.1.0 – Contributor+ Stored XSS
- User Rights Access Manager < 1.0.4 – Improper Access Controls
- Fitness Calculators < 1.9.6 – Cross-Site Request Forgery to Cross-Site Scripting (XSS)
- BuddyPress < 7.3.0 – Multiple Authenticated REST API Vulnerabilities
- Ultimate Addons for Elementor < 1.30.0 – Contributor+ Stored XSS
- DethemeKit For Elementor < 1.5.5.5 – Contributor+ Stored XSS
- Sina Extension for Elementor < 3.3.12 – Contributor+ Stored XSS
- JetWidgets For Elementor < 1.0.9 – Contributor+ Stored XSS
- All-in-One Addons for Elementor – WidgetKit < 2.3.10 – Contributor+ Stored XSS
- The Plus Addons for Elementor Page Builder Lite < 2.0.6 – Contributor+ Stored XSS
- Rife Elementor Extensions & Templates < 1.1.6 – Contributor+ Stored XSS
- Image Hover Effects – Elementor Addon < 1.3.4 – Contributor+ Stored XSS
- PowerPack Addons for Elementor < 2.3.2 – Contributor+ Stored XSS
- WooLentor – WooCommerce Elementor Addons + Builder < 1.8.6 – Contributor+ Stored XSS
- HT Mega – Absolute Addons for Elementor Page Builder < 1.5.7 – Contributor+ Stored XSS
- Livemesh Addons for Elementor < 6.8 – Contributor+ Stored XSS
- Elementor Addon Elements < 1.11.2 – Contributor+ Stored XSS
- ElementsKit and ElementsKit Pro < 2.2.0 – Contributor+ Stored XSS
- Premium Addons for Elementor < 4.2.8 – Contributor+ Stored Cross-Site Scripting (XSS)
- Elementor – Header, Footer & Blocks Template < 1.5.8 – Contributor+ Stored XSS
- Essential Addons for Elementor < 4.5.4 – Contributor+ Stored Cross-Site Scripting (XSS)
- Business Directory Plugin < 5.11.2 – Arbitrary Payment History Update
- Business Directory Plugin < 5.11.2 – Arbitrary Listing Export
- Business Directory Plugin < 5.11.2 – Authenticated Stored Cross-Site Scripting
- College Publisher Import <= 0.1 – Arbitrary File Upload to RCE
- Business Directory Plugin < 5.11.1 – Authenticated PHP4 Upload to RCE
- Business Directory Plugin < 5.11.1 – Arbitrary Add/Edit/Delete Form Field to Stored XSS
- Business Directory Plugin < 5.11 – Arbitrary File Upload to RCE
- Classyfrieds <= 3.8 – Authenticated Arbitrary File Upload to RCE
- Event Banner <= 1.3 – Arbitrary File Upload to RCE
- Contact Form Check Tester <= 1.0.2 – Broken Access Control to Cross-Site Scripting (XSS)
- Larsens Calender <= 1.2 – Stored Cross-Site Scripting (XSS)
- WorkScout Core < 1.3.4 – Authenticated Stored XSS & XFS
- Imagements <= 1.2.5 – Unauthenticated Arbitrary File Upload to RCE
- Stop Spammers < 2021.9 – Reflected Cross-Site Scripting (XSS)
- OpenID Connect Generic Client 3.8.0-3.8.1 – Reflected Cross-Site Scripting (XSS) via Login Error
- WPBakery Page Builder Clipboard < 4.5.8 – Unauthorised Arbitrary License Options Update
- Simple Membership < 4.0.4 – Authenticated SQL Injections
- Tutor LMS < 1.8.8 – Authenticated Local File Inclusion
- WPBakery Page Builder Clipboard < 4.5.6 – Subscriber+ Stored Cross-Site Scripting (XSS)
- Pie Register < 3.7.0.1 – Reflected Cross-Site Scripting (XSS)
- Business Hours Pro <= 5.5.0 – Unauthenticated Arbitrary File Upload to RCE
- Erident Custom Login and Dashboard < 3.5.9 – Authenticated Stored Cross-Site Scripting (XSS)
Theme vulnerabilities
- Goto < 2.1 – Unauthenticated Blind SQL Injection
- WorkScout Core < 1.3.4 – Authenticated Stored XSS & XFS