Overview of WordPress vulnerabilities for May 2021
This overview is kindly provided by the WPVulnDB service, to whom special thanks are due.
WordPress core vulnerabilities
Vulnerable WordPress plugins
- FooGallery < 2.0.35 — Authenticated Stored Cross-Site Scripting
- Yes/No Chart < 1.0.12 — Authenticated (contributor+) Blind SQL Injection
- The Plus Addons for Elementor Page Builder < 4.1.10 — Open Redirect
- The Plus Addons for Elementor Page Builder < 4.1.11 — Arbitrary Reset Pwd Email Sending
- The Plus Addons for Elementor < 4.1.12 — Reflected Cross-Site Scripting (XSS)
- NinjaFirewall < 4.3.4 — Authenticated (admin+) PHAR Deserialization
- Xllentech English Islamic Calendar < 2.6.8 — Authenticated SQL Injection
- Side Menu < 3.1.5 — Authenticated (admin+) SQL Injection
- Stock in & out <= 1.0.4 — Reflected Cross-Site Scripting (XSS)
- Sendit WP Newsletter <= 2.5.1 — Authenticated (admin+) SQL Injection
- Visitors <= 0.3 — Unauthenticated Stored Cross-Site Scripting (XSS)
- Simple 301 Redirects by BetterLinks — 2.0.0 – 2.0.3 — Arbitrary Plugin Activation
- Simple 301 Redirects by BetterLinks — 2.0.0 – 2.0.3 — Update and Retrieve Wildcard Value
- Simple 301 Redirects by BetterLinks — 2.0.0 – 2.0.3 — Arbitrary Plugin Installation
- Simple 301 Redirects by BetterLinks — 2.0.0 – 2.0.3 — Unauthenticated Redirect Import
- Simple 301 Redirects by BetterLinks — 2.0.0 – 2.0.3 — Unauthenticated Redirect Export
- Gallery From Files <= 1.6.0 — Reflected Cross-Site Scripting (XSS)
- Gallery From Files <= 1.6.0 — Unauthenticated RCE
- Multivendor Marketplace Solution for WooCommerce < 3.7.4 — Unauthenticated Arbitrary Product Comment
- Cookie Law Bar <= 1.2.1 — Authenticated Stored Cross-Site Scripting (XSS)
- SP Project & Document Manager <= 4.21 — Authenticated Shell Upload
- Easy Preloader <= 1.0.0 — Authenticated Stored Cross-Site Scripting (XSS)
- iFlyChat – WordPress Chat <= 4.6.4 — Authenticated Stored Cross-Site Scripting (XSS)
- Video Embed <= 1.0 — Authenticated (subscriber+) SQL Injection
- FlightLog <= 3.0.2 — Authenticated (editor+) SQL Injection
- WP Statistics < 13.0.8 — Unauthenticated SQL Injection
- WP Prayer < 1.6.2 — Authenticated Stored Cross-Site Scripting (XSS)
- CM Registration Pro < 3.2.1 — PHP Object Injection
- Instant Images WordPress Plugin < 4.4.0.1 — Authenticated Stored XSS & XFS
- Smooth Scroll Page Up/Down Buttons < 1.4 — Authenticated Stored XSS
- Funnel Builder by CartFlows < 1.6.13 — Authenticated Stored XSS via FB Pixel ID and Google Analytics ID
- Database Backup for WordPress < 2.4 — Authenticated Persistent Cross-Site Scripting (XSS)
- WP Super Cache < 1.7.3 — Authenticated Remote Code Execution
- External Media < 1.0.34 — Authenticated Arbitrary File Upload
- Weekly Schedule < 3.4.3 — Authenticated Stored XSS
- Photo Gallery < 1.5.67 — Authenticated Stored Cross-Site Scripting via Gallery Title
- LifterLMS < 4.21.1 — Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout
- LifterLMS < 4.21.1 — Authenticated Stored XSS in Edit Profile
- All in One SEO Pack < 4.1.0.2 — Admin RCE via unserialize
- ReDi Restaurant Reservations < 21.0426 — Unauthenticated Stored Cross-Site Scripting (XSS)
- Simple Giveaways < 2.36.2 — Unauthenticated Reflected Cross-Site Scripting (XSS)
- ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 — Unauthorised AJAX call
- Zlick Paywall < 2.2.2 — CSRF Bypasses
- Autoptimize < 2.8.4 — Authenticated Stored Cross-Site Scripting (XSS)
- Ultimate Member < 2.1.20 — Authenticated Reflected Cross-Site Scripting (XSS)
- UltimateWoo <= 0.1.10 — PHP Object Injection
- DSGVO All in one for WP < 4.0 — Unauthenticated Stored Cross-Site Scripting (XSS)
- Leads-5050 Visitor Insights < 1.0.4 — Unauthenticated License Change
- Leads-5050 Visitor Insights < 1.1.0 — Unauthorised License Change
- PickPlugins Product Slider for WooCommerce < 1.13.22 — Reflected Cross-Site Scripting (XSS)
- Target First Plugin 2.0 — Unauthenticated Stored XSS via Licence Key
- Hana Flv Player <= 3.1.3 — Authenticated Stored Cross-Site Scripting (XSS)
- Parcel Tracker eCourier < 1.0.2 — Plugin’s Settings Update via CSRF
- Ship To Ecourier < 1.0.2 — Plugin’s Settings Update via CSRF
- Simple Admin Language Change < 2.0.2 — Arbitrary User Locale Change
- Hotjar Connecticator <= 1.1.1 — Authenticated Stored Cross-Site Scripting (XSS)
- WP Customer Reviews < 3.5.6 — Authenticated Stored Cross-Site Scripting (XSS)
- Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 — Unauthenticated Blind SQL Injection
Vulnerable WordPress themes
- JNews < 8.0.6 — Reflected Cross-Site Scripting (XSS)
- Car Repair Services < 4.0 — Unauthenticated Reflected XSS & XFS
- Mediumish <= 1.0.47 — Unauthenticated Reflected Cross-Site Scripting (XSS)
- Listeo < 1.6.11 — Multiple XSS & XFS vulnerabilities
- Listeo < 1.6.11 — Multiple Authenticated IDOR Vulnerabilities
- Bello < 1.6.0 — Authenticated Cross-Site Scripting (XSS) and XFS
- Bello < 1.6.0 — Unauthenticated Reflected XSS & XFS
- Bello < 1.6.0 — Unauthenticated Blind SQL Injection
- Goto < 2.1 — Reflected Cross-Site Scripting (XSS)