SEOFAQ Telegram, marketing and SEO. The SEOFAQT channel in the Telegram messenger

Vulnerabilities found in WordPress plugins from March 14 to 20, 2022

Update or replace these plugins:

❖ "FV Flowplayer Video Player" version <= 7.5.15.727 - SQL Injection (SQLi) vulnerability

❖ "Download Manager" version <= 3.2.38 - Unauthenticated Brute Force of Files Master Key vulnerability

❖ "iQ Block Country" version <= 1.2.12 - Arbitrary File Deletion vulnerability via Zip Slip

❖ "Responsive Menu" version <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

❖ "LearnPress" version <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "StopBadBots" version <= 6.92 - Unauthenticated SQL Injection (SQLi) vulnerability

❖ "Post Grid" version <= 2.1.15 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "Super Socializer" version <= 7.13.29 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "Sassy Social Share" version <= 3.3.39 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "Rearrange Woocommerce Products" version <= 4.0.2 - SQL Injection (SQLi) vulnerability

❖ "Grid KIT Portfolio" version <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

❖ "NS WooCommerce Watermark" version <= 2.11.3 - Abuse of Functionality vulnerability

❖ "Easy Social Icons" version <= 3.1.4 - Stored Cross-Site Scripting (XSS) vulnerability

❖ "Ad Inserter" version <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "Dropdown Menu Widget" version <= 1.9.7 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability

❖ "File Manager" version <= 5.2.2 - Arbitrary File Creation/Upload/Deletion vulnerability

❖ "KingComposer" version <= 2.9.6 - Stored Cross-Site Scripting (XSS) vulnerability

❖ "Stripe Payments" version <= 2.0.53 - Cross-Site Request Forgery (CSRF) vulnerability

❖ "MapPress Maps for WordPress" version <= 2.73.12 - Admin+ File Upload leading to Remote Code Execution vulnerability

❖ "Ad Inserter Pro" version <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "Amelia" version <= 1.0.47 - SMS Service Abuse and Sensitive Data Disclosure vulnerability

❖ "Amelia" version <= 1.0.48 - Arbitrary Appointments Status Update vulnerability

❖ "Members List" version <= 4.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

❖ "Mark Posts" version <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Repost this list to a friend who runs WordPress

#DrMax #WordPress #Vulnerability

News source: https://t.me/drmaxseo/21...