Latest security vulnerabilities in WordPress plugins and themes
Check promptly for updates to these plugins and themes. If no update is available, you must remove them from your WordPress installation!
WordPress vulnerabilities:
- WordPress 5.2.2 – Cross-Site Scripting (XSS) in URL Sanitisation
- WordPress 5.2.2 – Authenticated Cross-Site Scripting (XSS) in Post Previews
- WordPress 5.2.2 – Cross-Site Scripting (XSS) in Dashboard
- WordPress 5.2.2 – Cross-Site Scripting (XSS) in Shortcode Previews
- WordPress 5.2.2 – Cross-Site Scripting (XSS) in Stored Comments
- WordPress 5.2.2 – Potential Open Redirect
- WordPress 3.9-5.1 – Comment Cross-Site Scripting (XSS)
WordPress themes:
- Nexos – Real Estate 1.6 – SQL Injection & Persistent XSS
- Selio – Real Estate Directory 1.1 – SQL Injection & Persistent XSS
- Real Estate 7 2.9.0 – Stored XSS & IDOR
- Zoner – Real Estate 4.1 – Reflected & Stored XSS
- Traveler – Travel Booking WordPress Theme 2.7.1 – Reflected & Stored XSS
- JobCareer | Job Board Responsive WordPress Theme 2.5 – Stored XSS
- CarSpot Theme 2.1.6 – Authenticated Stored XSS
- Newspaper Theme 9.2.2 – Cross-Site Scripting (XSS)
- JobCareer | Job Board Responsive WordPress Theme 2.4 – User enumeration & Reset password
WordPress plugins:
- All In One WP Security & Firewall 4.4.1 – Open Redirect & Hidden Login Page Exposure
- Export Users to CSV 1.4 – Unauthorised CSV Access
- Download Plugins and Themes from Dashboard 1.5.0 – Unauthenticated Stored XSS
- Theme Editor 2.1 – Multiple Vulnerabilities
- Visualizer 3.3.1 – Blind SSRF
- Visualizer 3.3.1 – Stored XSS
- GiveWp 2.5.5 – Authentication Bypass
Maintaining your WordPress site provides regular updates that help avoid bugs and hacking problems.
Our WordPress maintenance plans start at €19 excl. tax per month.