WordPress vulnerability roundup for April 2021
This roundup is kindly provided by the WPVulnDB service, to whom special thanks are due.
Core vulnerabilities
- WordPress 5.6-5.7 — Authenticated XXE Within the Media Library Affecting PHP 8
- WordPress 4.7-5.7 — Authenticated Password Protected Pages Exposure
Plugin vulnerabilities
- Download Manager < 3.1.19 — Authenticated (author+) PHP4 File Upload to RCE
- Download Manager < 3.1.22 — Plugin Settings Change via CSRF
- Download Manager < 3.1.23 — Unauthorised Asset Manager Usage
- Give WP < 2.10.4 — Authenticated Stored Cross-Site Scripting (XSS)
- AcyMailing < 7.5.0 — Unauthenticated Open Redirect
- WPGraphQL <= 1.3.5 — Denial of Service
- WP Fastest Cache < 0.9.1.7 — Authenticated Arbitrary File Deletion via Path Traversal
- Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 — Contributor+ Stored XSS
- Store Locator Plus <= 5.5.14 — Authenticated Privilege Escalation
- Store Locator Plus <= 5.5.15 — Unauthenticated Stored Cross-Site Scripting (XSS)
- Car Seller — Auto Classifieds Script <= 2.1.0 — Unauthenticated SQL Injection
- Software License Manager < 4.4.6 — CSRF to Stored XSS
- Select All Categories and Taxonomies < 1.3.2 — Reflected Cross-Site Scripting (XSS)
- Redirect 404 to Parent < 1.3.1 — Reflected Cross-Site Scripting (XSS)
- Multiple WP-Buy Plugins — Arbitrary Plugin Installation/Activation via Low Privilege User
- Multiple WP-Buy Plugins — Arbitrary Plugin Installation/Activation via CSRF
- Woocommerce < 5.2.0 — Authenticated Stored Cross-Site Scripting (XSS)
- iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) — Hide Backend Bypass
- RSS for Yandex Turbo < 1.30 — Authenticated Stored Cross-Site Scripting (XSS)
- Accordion < 2.2.30 — Authenticated Reflected Cross-Site Scripting (XSS)
- Kaswara Modern VC Addons (0-day) — Unauthenticated Arbitrary File Upload
- Redirection for Contact Form 7 < 2.3.4 — Unprotected AJAX Actions
- Redirection for Contact Form 7 < 2.3.4 — Authenticated Arbitrary Post Deletion
- Redirection for Contact Form 7 < 2.3.4 — Authenticated PHP Object Injection
- Redirection for Contact Form 7 < 2.3.4 — Authenticated Arbitrary Plugin Installation
- Redirection for Contact Form 7 < 2.3.4 — Unauthenticated Arbitrary Nonce Generation
- Photo Gallery < 1.5.69 — Multiple Reflected Cross-Site Scripting (XSS)
- Contact Form by Supsystic < 1.7.15 — Reflected Cross-Site scripting (XSS)
- Popup by Supsystic < 1.10.5 — Reflected Cross-Site scripting (XSS)
- Ultimate Maps by Supsystic < 1.2.5 — Reflected Cross-Site scripting (XSS)
- WordPress Download Manager < 3.1.18 — Unauthorised Download Duplication
- 404 SEO Redirection <= 1.3 — CSRF to Stored Cross-Site Scripting (XSS)
- 404 SEO Redirection <= 1.3 — Reflected Cross-Site Scripting (XSS)
- All 404 Redirect to Homepage < 1.21 — Reflected Cross-Site Scripting (XSS)
- SEO Redirection < 6.4 — Authenticated Stored Cross-Site Scripting (XSS)
- Edwiser Bridge < 2.0.7 — CSRF Nonce Bypass
- Outdated php-mod/curl Library — Unauthenticated Reflected Cross-Site Scripting (XSS)
- Easy Digital Downloads < 2.10.3 — Unauthorised Stripe Disconnect via CSRF
- Clever Addons for Elementor < 2.1.0 — Contributor+ Stored XSS
- User Rights Access Manager < 1.0.4 — Improper Access Controls
- Fitness Calculators < 1.9.6 — Cross-Site Request Forgery to Cross-Site Scripting (XSS)
- BuddyPress < 7.3.0 — Multiple Authenticated REST API Vulnerabilities
- Ultimate Addons for Elementor < 1.30.0 — Contributor+ Stored XSS
- DethemeKit For Elementor < 1.5.5.5 — Contributor+ Stored XSS
- Sina Extension for Elementor < 3.3.12 — Contributor+ Stored XSS
- JetWidgets For Elementor < 1.0.9 — Contributor+ Stored XSS
- All-in-One Addons for Elementor — WidgetKit < 2.3.10 — Contributor+ Stored XSS
- The Plus Addons for Elementor Page Builder Lite < 2.0.6 — Contributor+ Stored XSS
- Rife Elementor Extensions & Templates < 1.1.6 — Contributor+ Stored XSS
- Image Hover Effects — Elementor Addon < 1.3.4 — Contributor+ Stored XSS
- PowerPack Addons for Elementor < 2.3.2 — Contributor+ Stored XSS
- WooLentor — WooCommerce Elementor Addons + Builder < 1.8.6 — Contributor+ Stored XSS
- HT Mega — Absolute Addons for Elementor Page Builder < 1.5.7 — Contributor+ Stored XSS
- Livemesh Addons for Elementor < 6.8 — Contributor+ Stored XSS
- Elementor Addon Elements < 1.11.2 — Contributor+ Stored XSS
- ElementsKit and ElementsKit Pro < 2.2.0 — Contributor+ Stored XSS
- Premium Addons for Elementor < 4.2.8 — Contributor+ Stored Cross-Site Scripting (XSS)
- Elementor — Header, Footer & Blocks Template < 1.5.8 — Contributor+ Stored XSS
- Essential Addons for Elementor < 4.5.4 — Contributor+ Stored Cross-Site Scripting (XSS)
- Business Directory Plugin < 5.11.2 — Arbitrary Payment History Update
- Business Directory Plugin < 5.11.2 — Arbitrary Listing Export
- Business Directory Plugin < 5.11.2 — Authenticated Stored Cross-Site Scripting
- College Publisher Import <= 0.1 — Arbitrary File Upload to RCE
- Business Directory Plugin < 5.11.1 — Authenticated PHP4 Upload to RCE
- Business Directory Plugin < 5.11.1 — Arbitrary Add/Edit/Delete Form Field to Stored XSS
- Business Directory Plugin < 5.11 — Arbitrary File Upload to RCE
- Classyfrieds <= 3.8 — Authenticated Arbitrary File Upload to RCE
- Event Banner <= 1.3 — Arbitrary File Upload to RCE
- Contact Form Check Tester <= 1.0.2 — Broken Access Control to Cross-Site Scripting (XSS)
- Larsens Calender <= 1.2 — Stored Cross-Site Scripting (XSS)
- WorkScout Core < 1.3.4 — Authenticated Stored XSS & XFS
- Imagements <= 1.2.5 — Unauthenticated Arbitrary File Upload to RCE
- Stop Spammers < 2021.9 — Reflected Cross-Site Scripting (XSS)
- OpenID Connect Generic Client 3.8.0-3.8.1 — Reflected Cross Site Scripting (XSS) via Login Error
- WPBakery Page Builder Clipboard < 4.5.8 — Unauthorised Arbitrary License Options Update
- Simple Membership < 4.0.4 — Authenticated SQL Injections
- Tutor LMS < 1.8.8 — Authenticated Local File Inclusion
- WPBakery Page Builder Clipboard < 4.5.6 — Subscriber+ Stored Cross-Site Scripting (XSS)
- Pie Register < 3.7.0.1 — Reflected Cross-Site Scripting (XSS)
- Business Hours Pro <= 5.5.0 — Unauthenticated Arbitrary File Upload to RCE
- Erident Custom Login and Dashboard < 3.5.9 — Authenticated Stored Cross-Site Scripting (XSS)
Theme vulnerabilities
- Goto < 2.1 — Unauthenticated Blind SQL Injection
- WorkScout Core < 1.3.4 — Authenticated Stored XSS & XFS