WordPress vulnerability roundup for March 2021
This roundup was kindly provided by the WPScan service, to whom special thanks.
Vulnerable WordPress plugins
- Woocommerce Customers Manager < 26.6 — Authenticated Reflected Cross-Site Scripting (XSS)
- Woocommerce Customers Manager < 26.6 — Arbitrary Account Creation/Update via CSRF
- Ivory Search < 4.6.1 — Reflected Cross Site Scripting (XSS)
- Cooked Pro < 1.7.5.6 — Unauthenticated Reflected Cross Site Scripting (XSS)
- Advanced Booking Calendar < 1.6.8 — Authenticated Reflected Cross-Site Scripting (XSS)
- Controlled Admin Access < 1.5.6 — Improper Access Control to Privilege Escalation
- Advanced Booking Calendar < 1.6.7 — Authenticated Reflected Cross-Site Scripting (XSS)
- Easy Form Builder <= 1.0 — Unauthorised AJAX calls
- AccessAlly < 3.5.7 — $_SERVER Superglobal Leakage
- Patreon WordPress < 1.7.2 — Reflected XSS on patreon_save_attachment_patreon_level AJAX action
- Patreon WordPress < 1.7.2 — Reflected XSS on Login Form
- Patreon WordPress < 1.7.0 — CSRF to Disconnect Sites From Patreon
- Patreon WordPress < 1.7.0 — CSRF to Overwrite/Create User Meta
- Patreon WordPress < 1.7.0 — Unauthenticated Local File Disclosure
- Easy Form Builder <= 1.0 — Authenticated Arbitrary File Upload
- N5 Upload Form <= 1.0 — Unauthenticated Arbitrary File Upload to RCE
- WP-Curriculo Vitae Free <= 6.3 — Unauthenticated Arbitrary File Upload to RCE
- Quiz And Survey Master < 7.1.14 — Authenticated SQL injection via Rest API
- Quiz And Survey Master < 7.1.12 — Authenticated SQL injection via shortcode
- Vertical News Scroller < 1.17 — Authenticated Reflected Cross-Site Scripting (XSS)
- Facebook for WordPress < 3.0.0 — PHP Object Injection with POP Chain
- Facebook for WordPress 3.0.0-3.0.3 — CSRF to Stored XSS and Settings Deletion
- All Thrive Themes and Plugins — Unauthenticated Option Update
- MapifyLife <= 3.3.0 — Authenticated Stored Cross-Site Scripting (XSS)
- SecuPress < 2.0 — Unauthenticated Arbitrary IP Ban
- Mapplic and Mapplic Lite — SSRF to Stored Cross-Site Scripting (XSS)
- GiveWP < 2.10.0 — Reflected Cross Site Scripting (XSS)
- Controlled Admin Access < 1.5.2 — Improper Access Control & Privilege Escalation
- WooCommerce Help Scout < 2.9.1 — Unauthenticated Arbitrary File Upload leading to RCE
- WordPress Related Posts <= 3.6.4 — Authenticated Stored Cross-Site Scripting (XSS)
- PhastPress < 1.111 — Open Redirect
- WP Page Builder < 1.2.4 — Multiple Stored Cross-Site scripting (XSS)
- WP Page Builder < 1.2.4 — Insecure default configuration Allows Subscribers Editing Access to Posts
- Elementor < 3.1.2 — Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
- Elementor < 3.1.2 — Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
- Elementor < 3.1.2 — Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
- Elementor < 3.1.2 — Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
- Elementor < 3.1.2 — Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
- Elementor < 3.1.2 — Authenticated Stored Cross-Site Scripting (XSS) in Column Element
- BuddyPress < 7.2.1 — Invite Member to Join Group
- BuddyPress < 7.2.1 — Manage BuddyPress Member Types
- BuddyPress < 7.2.1 — Read Private Messages
- BuddyPress < 7.2.1 — Force a Friendship
- BuddyPress < 7.2.1 — REST API Privilege Escalation
- Paid Membership Pro < 2.5.6 — Authenticated SQL Injection
- wpDataTables < 3.4.2 — Blind SQL Injection via length Parameter
- wpDataTables < 3.4.2 — Blind SQL Injection via start Parameter
- wpDataTables < 3.4.2 — Improper Access Control leading to Table Data Deletion
- wpDataTables < 3.4.2 — Improper Access Control leading to Table Permission Takeover
- Flo Forms < 1.0.36 — Authenticated Options Change to Stored XSS
- SEO Redirection <= 6.3 — Authenticated Reflected Cross-Site Scripting (XSS)
- WP Super Cache < 1.7.2 — Authenticated Remote Code Execution (RCE)
- Tutor LMS < 1.8.3 — SQL Injection via tutor_answering_quiz_question/get_answer_by_id
- Tutor LMS < 1.7.7 — SQL Injection via tutor_place_rating
- Tutor LMS < 1.7.7 — Unprotected AJAX including Privilege Escalation
- Tutor LMS < 1.8.3 — SQL Injection via tutor_quiz_builder_get_question_form
- Tutor LMS < 1.8.3 — SQL Injection via tutor_quiz_builder_get_answers_by_question
- Tutor LMS < 1.7.7 — SQL Injection via tutor_mark_answer_as_correct
- Related Posts for WordPress < 2.0.4 — Authenticated Reflected Cross-Site Scripting (XSS)
- Social Slider Widget < 1.8.5 — Authenticated Reflected Cross-Site Scripting (XSS)
- VM Backups <= 1.0 — CSRF to Stored Cross-Site Scripting (XSS)
- VM Backups <= 1.0 — CSRF to Database Backup Download
- JH 404 Logger <= 1.1 — Unauthenticated Stored Cross-Site Scripting (XSS)
- Five Star Restaurant Menu < 2.2.1 — Unauthenticated PHP Object Injection
- Database Backups <= 1.2.2.6 — CSRF to Backup Download
- SuperStoreFinder & SuperInteractiveMaps — Unauthenticated SQL Injections
- The Plus Addons for Elementor Page Builder < 4.1.7 — Authentication Bypass
- WooCommerce Upload Files < 59.4 — Unauthenticated Arbitrary File Upload
- User Profile Picture < 2.5.0 — Sensitive Information Disclosure
- Advanced Order Export For WooCommerce < 3.1.8 — Reflected Cross-Site Scripting (XSS)
- WP GDPR Compliance < 1.5.6 — Unauthenticated Stored Cross-Site Scripting (XSS)
- Multiple Plugins — CSRF Nonce Bypasses
Vulnerable WordPress themes
- Goto — Tour & Travel < 2.0 — Unauthenticated Reflected XSS
- Business Directory <= 1.2.0 — Unauthenticated Reflected Cross-Site Scripting (XSS)
- All Thrive Themes Legacy Themes < 2.0.0 — Unauthenticated Arbitrary File Upload and Option Deletion
- All Thrive Themes and Plugins — Unauthenticated Option Update