WordPress vulnérabilités mai 2020

01 Juin WordPress vulnérabilités mai 2020

Ajouté le 07:13h in Sécurité by Jean-Francois Ranger

1 Like

Multi Scheduler <= 1.0.0 – Arbitrary Record Deletion via CSRF
MapPress Maps < 2.54.6 – Improper Capability Checks in AJAX Calls
bbPress < 2.6.5 – Authenticated Stored Cross-Site Scripting via the forums list table
bbPress 2.6-2.6.5 – Authenticated Privilege Escalation via the Super Moderator feature
bbPress < 2.6.5 – Unauthenticated Privilege Escalation when New User Registration enabled
Final Tiles Gallery < 3.4.19 – Authenticated Stored Cross-Site Scripting (XSS)
Page Builder: PageLayer – Drag and Drop website builder < 1.1.2 – CSRF leading to XSS
Page Builder: PageLayer – Drag and Drop website builder < 1.1.2 – Unprotected AJAX’s leading to XSS
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 – Unauthenticated File Upload Bypass
Form Maker by 10Web <= 1.13.35 – Authenticated SQL Injection
Official MailerLite Sign Up Forms < 1.4.5 – Multiple CSRF Issues
Official MailerLite Sign Up Forms < 1.4.4 – Unauthenticated SQL Injection
Add-on SweetAlert Contact Form 7 < 1.0.8 – Authenticated Stored Cross-Site Scripting (XSS)
ThirstyAffiliates < 3.9.3 – Authenticated Stored XSS
WP Frontend Profile < 1.2.2 – CSRF Check Incorrectly Implemented
Paid Memberships Pro < 2.3.3 – Authenticated SQL Injection
Ajax Load More < 5.3.2 – Authenticated SQL Injection
Visual Composer < 27.0 – Multiple Authenticated Cross-Site Scripting Issues
Team Members < 5.0.4 – Authenticated Stored Cross-Site Scripting (XSS)
Photo Gallery by 10Web < 1.5.55 – Unauthenticated SQL Injection
WP Product Review < 3.7.6 – Unauthenticated Stored Cross-Site Scripting (XSS)
Login/Signup Popup < 1.5 – Authenticated Stored Cross-Site Scripting (XSS)
Site Kit by Google < 1.8.0 – Privilege Escalation to gain Search Console Access
Easy Testimonials < 3.6 – Authenticated Stored Cross-Site Scripting (XSS)
WooCommerce < 4.1.0 – Unescaped Metadata when Duplicating Products
Page Builder by SiteOrigin < 2.10.16 – CSRF to Reflected Cross-Site Scripting (XSS)
Chopslider <= 3.4 – Unauthenticated Blind SQL Injection
Iframe < 4.5 – Authenticated Stored Cross Site Scripting (XSS)
Ultimate Addons for Elementor < 1.24.2 – Registration Bypass
Elementor Pro < 2.9.4 – Authenticated Arbitrary File Upload
Elementor < 2.9.8 – SVG Sanitizer Bypass leading to Authenticated Stored XSS
Advanced Order Export For WooCommerce < 3.1.4 – Authenticated Cross-Site Scripting (XSS)
WTI Like Post <= 1.4.5 – Authenticated Stored Cross-Site Scripting (XSS)

Jean-Francois Ranger

info@webloft.ca

Un peu geek, mais totalement sociable, je développe des sites Internet depuis plus de 20 ans. C’est donc dire que j’ai vu passer plusieurs courants et assisté à la naissance et à la mort de nombreuses technologies. Perfectionniste de nature, j’ai développé il y a plusieurs années mon propre gestionnaire de contenu, car les applications sur le marché n’apportaient pas la convivialité souhaitée. Aujourd’hui, je surfe sur la tendance et intègre 90 % des sites que je développe au gestionnaire de contenu WordPress.

WordPress vulnérabilités mai 2020

01 Juin WordPress vulnérabilités mai 2020

Jean-Francois Ranger

C’est quoi WordPress?

Parlons WordPress

Inscrivez-vous!

WordPress vulnérabilités mai 2020

01 Juin WordPress vulnérabilités mai 2020

Jean-Francois Ranger

C’est quoi WordPress?

Parlons WordPress

Réalisations (tags)

Inscrivez-vous!