Vulnerabilities discovered in WordPress plugins from 21 to 25 March 2022
Update or replace these plugins:
❖ "Safe SVG" version <= 1.9.9 - SVG Sanitization Bypass vulnerability
❖ "KODO Qiniu" version <= 1.2.5 - Stored Cross-Site Scripting (XSS) vulnerability
❖ "Daily Prayer Time" version <= 2021.10.29 - Unauthenticated SQL Injection (SQLi) vulnerability
❖ "Hummingbird" version <= 3.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
❖ "Product Table for WooCommerce" version <= 3.1.1 - Unauthenticated Arbitrary Function Call vulnerability
❖ "Ad Injection" version <= 1.2.0.19 - Stored Cross-Site Scripting (XSS) & RCE vulnerabilities
❖ "Amministrazione Aperta" version <= 3.7.3 - Local File Inclusion (LFI) vulnerability
❖ "Simple Event Planner" version <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
❖ "Simple Event Planner" version <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
❖ "Ninja Forms" version <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability
❖ "Loco Translate" version <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
❖ "GS Variation Swatches for WooCommerce" version <= 1.5.0 - Reflected Cross-Site Scripting (XSS) vulnerability
❖ "WP Downgrade" version <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
❖ "Easy Social Icons" version <= 3.2.0 - Unauthenticated Arbitrary Icon Deletion vulnerability
❖ "Easy Social Icons" version <= 3.2.0 - Stored Cross-Site Scripting (XSS) vulnerability
❖ "Favicon" version <= 1.3.22 - Reflected Cross-Site Scripting (XSS) vulnerability
❖ "WPvivid Backup and Migration" version <= 0.9.69 - Reflected Cross-Site Scripting (XSS) vulnerability
❖ "Podcast Importer SecondLine" version <= 1.3.7 - SQL Injection (SQLi) vulnerability
❖ "Easy Smooth Scroll Links – Smooth Scrolling Anchor" version <= 2.23.0 - Stored Cross-Site Scripting (XSS) vulnerability
❖ "Yoo Slider" version <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete
❖ "Yoo Slider" version <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
❖ "Quick Adsense" version <= 2.8.1 - Post Stats Reset vulnerability
❖ "Export All URLs" version <= 4.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Repost this list to a friend who runs WordPress
#DrMax #WordPress #Vulnerability
News source: https://t.me/drmaxseo/30...