Vulnérabilité WordPress Plugins mars 2021

Dernières failles de sécurité plugins et WordPress

Plusieurs nouvelles vulnérabilités de plugins et de thèmes WordPress ont été révélées au cours de mars 2021, nous voulons donc vous tenir au courant. Dans cet article, nous abordons les vulnérabilités de plugins et de thèmes WordPress récents

Il faut rapidement,  vérifier les mises à jour de ces plugins/thèmes. Si aucune mise à jour, vous devez les supprimer de votre installation WordPress !.

WordPress Plugin Vulnerabilities

• Woocommerce Customers Manager < 26.6 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• Woocommerce Customers Manager < 26.6 – Arbitrary Account Creation/Update via CSRF
  
• Ivory Search < 4.6.1 – Reflected Cross Site Scripting (XSS)
  
• Cooked Pro < 1.7.5.6 – Unauthenticated Reflected Cross Site Scripting (XSS)
  
• Advanced Booking Calendar < 1.6.8 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• Controlled Admin Access < 1.5.6 – Improper Access Control to Privilege Escalation
  
• Advanced Booking Calendar < 1.6.7 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• Easy Form Builder <= 1.0 – Unauthorised AJAX calls
  
• AccessAlly < 3.5.7 – $_SERVER Superglobal Leakage
  
• Patreon WordPress < 1.7.2 – Reflected XSS on patreon_save_attachment_patreon_level AJAX action
  
• Patreon WordPress < 1.7.2 – Reflected XSS on Login Form
  
• Patreon WordPress < 1.7.0 – CSRF to Disconnect Sites From Patreon
  
• Patreon WordPress < 1.7.0 – CSRF to Overwrite/Create User Meta
  
• Patreon WordPress < 1.7.0 – Unauthenticated Local File Disclosure
  
• Easy Form Builder <= 1.0 – Authenticated Arbitrary File Upload
  
• N5 Upload Form <= 1.0 – Unauthenticated Arbitrary File Upload to RCE
  
• WP-Curricul Vitea Free <= 6.3 – Unauthenticated Arbitrary File Upload to RCE
  
• Quiz And Survey Master < 7.1.14 – Authenticated SQL injection via Rest API
  
• Quiz And Survey Master < 7.1.12 – Authenticated SQL injection via shortcode
  
• Vertical News Scroller < 1.17 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• Facebook for WordPress < 3.0.0 – PHP Object Injection with POP Chain
  
• Facebook for WordPress 3.0.0-3.0.3 – CSRF to Stored XSS and Settings Deletion
  
• All Thrive Themes and Plugins – Unauthenticated Option Update
  
• MapifyLife <= 3.3.0 – Authenticated Stored Cross-Site Scripting (XSS)
  
• SecuPress < 2.0 – Unauthenticated Arbitrary IP Ban
  
• Mapplic and Mapplic Lite – SSRF to Stored Cross-Site Scripting (XSS)
  
• GiveWP < 2.10.0 – Reflected Cross Site Scripting (XSS)
  
• Controlled Admin Access < 1.5.2 – Improper Access Control & Privilege Escalation
  
• WooCommerce Help Scout < 2.9.1 – Unauthenticated Arbitrary File Upload leading to RCE
  
• WordPress Related Posts <= 3.6.4 – Authenticated Stored Cross-Site Scripting (XSS)
  
• PhastPress < 1.111 – Open Redirect
  
• WP Page Builder < 1.2.4 – Multiple Stored Cross-Site scripting (XSS)
  
• WP Page Builder < 1.2.4 – Insecure default configuration Allows Subscribers Editing Access to Posts
  
• Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
  
• Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
  
• Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
  
• Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
  
• Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
  
• Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Column Element
  
• BuddyPress < 7.2.1 – Invite Member to Join Group
  
• BuddyPress < 7.2.1 – Manage BuddyPress Member Types
  
• BuddyPress < 7.2.1 – Read Private Messages
  
• BuddyPress < 7.2.1 – Force a Friendship
  
• BuddyPress < 7.2.1 – REST API Privilege Escalation
  
• Paid Membership Pro < 2.5.6 – Authenticated SQL Injection
  
• wpDataTables < 3.4.2 – Blind SQL Injection via length Parameter
  
• wpDataTables < 3.4.2 – Blind SQL Injection via start Parameter
  
• wpDataTables < 3.4.2 – Improper Access Control leading to Table Data Deletion
  
• wpDataTables < 3.4.2 – Improper Access Control leading to Table Permission Takeover
  
• Flo Forms < 1.0.36 – Authenticated Options Change to Stored XSS
  
• SEO Redirection <= 6.3 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• WP Super Cache < 1.7.2 – Authenticated Remote Code Execution (RCE)
  
• Tutor LMS < 1.8.3 – SQL Injection via tutor_answering_quiz_question/get_answer_by_id
  
• Tutor LMS < 1.7.7 – SQL Injection via tutor_place_rating
  
• Tutor LMS < 1.7.7 – Unprotected AJAX including Privilege Escalation
  
• Tutor LMS < 1.8.3 – SQL Injection via tutor_quiz_builder_get_question_form
  
• Tutor LMS < 1.8.3 – SQL Injection via tutor_quiz_builder_get_answers_by_question
  
• Tutor LMS < 1.7.7 – SQL Injection via tutor_mark_answer_as_correct
  
• Related Posts for WordPress < 2.0.4 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• Social Slider Widget < 1.8.5 – Authenticated Reflected Cross-Site Scripting (XSS)
  
• VM Backups <= 1.0 – CSRF to Stored Cross-Site Scripting (XSS)
  
• VM Backups <= 1.0 – CSRF to Database Backup Download
  
• JH 404 Logger <= 1.1 – Unauthenticated Stored Cross-Site Scripting (XSS)
  
• Five Star Restaurant Menu < 2.2.1 – Unauthenticated PHP Object Injection
  
• Database Backups <= 1.2.2.6 – CSRF to Backup Download
  
• SuperStoreFinder & SuperInteractiveMaps – Unauthenticated SQL Injections
  
• The Plus Addons for Elementor Page Builder < 4.1.7 – Authentication Bypass
  
• WooCommerce Upload Files < 59.4 – Unauthenticated Arbitrary File Upload
  
• User Profile Picture < 2.5.0 – Sensitive Information Disclosure
  
• Advanced Order Export For WooCommerce < 3.1.8 – Reflected Cross-Site Scripting (XSS)
  
• WP GDPR Compliance < 1.5.6 – Unauthenticated Stored Cross-Site Scripting (XSS)
  
• Multiple Plugins – CSRF Nonce Bypasses
  

WordPress Theme Vulnerabilities

• Goto – Tour & Travel < 2.0 – Unauthenticated Reflected XSS
  
• Business Directory <= 1.2.0 – Unauthenticated Reflected Cross-Site Scripting (XSS)
  
• All Thrive Themes Legacy Themes < 2.0.0 – Unauthenticated Arbitrary File Upload and Option Deletion
  
• All Thrive Themes and Plugins – Unauthenticated Option Update

Ce qu’il faut faire

Les vulnérabilités n’ont pas été corrigées. Gardez un œil sur le journal des modifications pour une mise à jour qui inclut un correctif.

La maintenance de votre site WordPress permet des mises à jour régulières afin d’éviter les bugs et les problèmes de piratage.

Nous solutions de maintenance WordPress à partir de 34€ ht/ mois 

source : WPScan