fotografiert von Gabriele Lässer
801 7214
| | |

WordPress Plugins, Themes, Core – Sicherheitslücken 2021

Liste wird laufend aktualisiert.

Betroffen? – Dann umgehend verfügbares Update machen. Falls es kein Update gibt, betroffene Komponente am besten gegen eine vergleichbare austauschen oder löschen.

Kalenderwoche 52

Plugins

30.12.2021 Link Library < 7.2.9 – Reflected Cross-Site Scripting
30.12.2021 Link Library < 7.2.8 – Library Settings Reset via CSRF
30.12.2021 Link Library < 7.2.8 – Unauthenticated Arbitrary Links Deletion
30.12.2021 Custom Dashboard & Login Page < 7.0 – Admin+ Stored Cross-Site Scripting

29.12.2021 Learning Courses < 5.0 – Admin+ Stored Cross-Site Scripting
29.12.2021 Error Log Viewer <= 1.1.1 – Arbitrary Text File Deletion via CSRF

28.12.2021 UpdraftPlus < 1.16.67 – Reflected Cross-Site Scripting
28.12.2021 Registration Magic < 5.0.1.9 – Reflected Cross-Site Scripting
28.12.2021 WOOF – Products Filter for WooCommerce < 1.2.6.3 – Reflected Cross-Site Scripting
28.12.2021 LabTools <= 1.0 – Subscriber+ Arbitrary Publication Deletion
28.12.2021 Domain Check <= 1.0.16 – Reflected Cross-Site Scripting

27.12.2021 Registrations for the Events Calendar < 2.7.10 – Reflected Cross-Site Scripting
27.12.2021 WP Post Page Clone < 1.2 – Unauthorised Post Access
27.12.2021 Tutor LMS < 1.9.12 – Subscriber+ Stored Cross-Site Scripting
27.12.2021 WP Extra File Types < 0.5.1 – CSRF to Stored Cross-Site Scripting
27.12.2021 AF Companion 1.1.0 – 1.1.2 – Arbitrary Plugin Installation & Activation via CSRF
27.12.2021 Tutor LMS < 1.9.12 – Reflected Cross-Site Scripting
27.12.2021 Ultimate FAQ < 2.1.2 – Subscriber+ Arbitrary FAQ Creation
27.12.2021 Code Snippets < 2.14.3 – Reflected Cross-Site Scripting
27.12.2021 Qubely < 1.7.8 – Subscriber+ Arbitrary Post Deletion
27.12.2021 myCred < 2.4 – Reflected Cross-Site Scripting
27.12.2021 Image Hover Effects Ultimate < 9.7.1 – Reflected Cross-Site Scripting
27.12.2021 Orders Tracking for WooCommerce < 1.1.10 – Reflected Cross-Site Scripting
27.12.2021 WebP Converter for Media < 4.0.3 – Unauthenticated Open redirect
27.12.2021 WP User Frontend < 3.5.26 – SQL Injection to Reflected Cross-Site Scripting
27.12.2021 Registration Magic < 5.0.1.9 – Reflected Cross-Site Scripting
27.12.2021 WP Cookie User Info <= 1.0.8 – Admin+ SQL Injection

Kommentarformular bitte nicht für Supportanfragen verwenden

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.