01 Nov WordPress vulnérabilités octobre 2020

Ajouté le 10:40h in Sécurité by Jean-Francois Ranger

1 Like

WordPress < 5.5.2 – Cross-Site Request Forgery (CSRF) to Change Theme Background
WordPress < 5.5.2 – Protected Meta That Could Lead to Arbitrary File Deletion
WordPress < 5.5.2 – Stored XSS in Post Slugs
WordPress < 5.5.2 – DoS Attack Could Lead to RCE
WordPress < 5.5.2 – XML-RPC Privilege Escalation
WordPress < 5.5.2 – Cross-Site Scripting (XSS) via Global Variables
WordPress < 5.5.2 – Disable Spam Embeds from Disabled Sites on a Multisite Network
WordPress < 5.5.2 – Hardening Deserialization Requests

WordPress Plugin Vulnerabilities

SW Ajax WooCommerce Search < 1.2.8 – Unauthenticated Reflected XSS & XFS
Advanced Booking Calendar < 1.6.2 – Unauthenticated SQL Injection
CM Download Manager < 2.8.0 – Authenticated Cross-Site Scripting
Loginizer < 1.6.4 – Unauthenticated SQL Injection
Helios Solutions Brand Logo Slider <= 2.1 – Authenticated Arbitrary File Upload
SuperStoreFinder Plugins – Unauthenticated Arbitrary File Upload
Simple Download Monitor < 3.8.9 – SQL Injection
Simple Download Monitor < 3.8.9 – Unauthenticated Cross-Site Scripting
TI WooCommerce Wishlist < 1.21.12 – Authenticated WP Options Change
Comment Press < 2.7.2 – Unauthenticated Cross-Frame Scripting
Realia <= 1.4 – Unauthenticated IDOR leading to Arbitrary Post Deletion
Quick Chat <= 4.14 – Authenticated Stored Cross-Site Scripting
Quick Chat <= 4.14 – Unauthenticated Stored Cross-Site Scripting
Child Theme Creator by Orbisius < 1.5.2 – CSRF to Arbitrary File Modification/Creation
Live Chat – Live support < 3.2.0 – Cross-Site Request Forgery
PowerPress < 8.3.8 – Authenticated Arbitrary File Upload leading to RCE
Dynamic Content for Elementor < 1.9.6 – Authenticated RCE
HyperComments <= 1.2.2 – Unauthenticated Arbitrary File Deletion
WPBakery Page Builder < 6.4.1 – Authenticated Stored Cross-Site Scripting (XSS)
Post Grid < 2.0.73 & Team Showcase < 1.22.16 – PHP Object Injection
Post Grid < 2.0.73 & Team Showcase < 1.22.16 – Authenticated Stored Cross-Site Scripting (XSS)
WordPress + Microsoft Office 365 < 11.7 – JWT Signature Verification Bypass

WordPress Theme Vulnerabilities

Greenmart < 2.5.2 – Unauthenticated Reflected Cross-Site Scripting (XSS)
Greenmart < 2.4.3 – Reflected Cross-Site Scripting (XSS)
Multiple Themes – Unauthenticated Function Injection

Jean-Francois Ranger

info@webloft.ca

Un peu geek, mais totalement sociable, je développe des sites Internet depuis plus de 20 ans. C’est donc dire que j’ai vu passer plusieurs courants et assisté à la naissance et à la mort de nombreuses technologies. Perfectionniste de nature, j’ai développé il y a plusieurs années mon propre gestionnaire de contenu, car les applications sur le marché n’apportaient pas la convivialité souhaitée. Aujourd’hui, je surfe sur la tendance et intègre 90 % des sites que je développe au gestionnaire de contenu WordPress.

WordPress vulnérabilités octobre 2020

01 Nov WordPress vulnérabilités octobre 2020

WordPress Core Vulnerabilities

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

Jean-Francois Ranger

C’est quoi WordPress?

Parlons WordPress

Inscrivez-vous!

WordPress vulnérabilités octobre 2020

01 Nov WordPress vulnérabilités octobre 2020

WordPress Core Vulnerabilities

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

Jean-Francois Ranger

C’est quoi WordPress?

Parlons WordPress

Réalisations (tags)

Inscrivez-vous!