| | |

WordPress Plugins, Themes, Core – Sicherheitslücken 2021

fotografiert von Gabriele Lässer
801 7214

Kalenderwoche 46

Plugins

18.11.2021 WP User Frontend < 3.5.25 – Admin+ SQL Injection
18.11.2021 Easy Registration Forms <= 2.1.1 – CSRF to Stored Cross-Site Scripting
18.11.2021 Directorist – Business Directory Plugin < 7.0.6.2 – CSRF to Remote File Upload
18.11.2021 WP Reset Pro < 5.99 – Subscriber+ Database Reset
18.11.2021 WP Reset Pro < 5.99 – Database Reset via CSRF

17.11.2021 Login/Signup Popup < 2.2 – Reflected Cross-Site Scripting
17.11.2021 Preview E-mails for WooCommerce < 2.0.0 – Reflected Cross-Site Scripting

16.11.2021 Push Notifications for WordPress (Lite) < 6.0.1 – Settings Update via CSRF
16.11.2021 SportsPress < 2.7.9 – Reflected Cross-Site Scripting

15.11.2021 Inspirational Quote Rotator <= 1.0.0 – Admin+ Stored Cross-Site Scripting
15.11.2021 Quotes Collection <= 2.5.2 – Admin+ SQL Injection
15.11.2021 User Meta Shortcodes <= 0.5 – Contributor+ Unauthorized Arbitrary User Metadata Access
15.11.2021 ToTop Link <= 1.7.1 – Unauthenticated PHP Object Injection
15.11.2021 Display Post Metadata <= 1.4.0 – Contributor+ Stored Cross-Site Scripting
15.11.2021 Mediamatic <= 2.7 – Subscriber+ SQL Injection
15.11.2021 Improved Include Page <= 1.2 – Contributor+ Arbitrary Posts/Pages Access
15.11.2021 Page/Post Content Shortcode <= 1.0 – Contributor+ Arbitrary Posts/Pages Access
15.11.2021 WP Limits <= 1.0 – Plugin’s Settings Update via CSRF
15.11.2021 Filter Portfolio Gallery <= 1.5 – Arbitrary Gallery Deletion via CSRF
15.11.2021 Shiny Buttons <= 1.1.0 – Unauthenticated Stored Cross-Site Scripting
15.11.2021 Contact Form Advanced Database <= 1.0.8 – Unauthorised AJAX Calls
15.11.2021 WP Admin Logo Changer <= 1.0 – Plugin’s Settings Update via CSRF
15.11.2021 Flex Local Fonts <= 1.0.0 – Admin+ Stored Cross-Site-Scripting
15.11.2021 Single Post Exporter <= 1.1.1 – Plugin’s Settings Update via CSRF
15.11.2021 Pixel Cat Lite < 2.6.3 – Admin+ Stored Cross-Site Scripting
15.11.2021 WP System Log < 1.0.21 – Unauthenticated Stored Cross-Site Scripting
15.11.2021 SEO Booster <= 3.7 – Admin+ SQL Injection
15.11.2021 NEX-Forms <= 7.9.4 – Multiple Admin+ Stored Cross-Site Scripting
15.11.2021 Ultimate NoFollow <= 1.4.8 – Contributor+ Stored Cross-Site Scripting
15.11.2021 Auto Featured Image < 3.9.3 – Reflected Cross-Site Scripting
15.11.2021 Modern Events Calendar Lite < 6.1.5 – Reflected Cross-Site Scripting
15.11.2021 Modern Events Calendar < 6.1.5 – Unauthenticated Blind SQL Injection
15.11.2021 ProfilePress < 3.2.3 – Reflected Cross-Site Scripting
15.11.2021 ProfilePress < 3.2.3 – Reflected Cross-Site Scripting
15.11.2021 Temporary Login Without Password < 1.7.1 – Subscriber+ Plugin’s Settings Update
15.11.2021 StopBadBots < 6.67 – Unauthenticated SQL Injection
15.11.2021 All-In-One-Gallery < 2.5.0 – Admin+ Local File Inclusion
15.11.2021 Pixel Cat Lite < 2.6.2 – CSRF to Stored Cross-Site Scripting

Kommentarformular bitte nicht für Supportanfragen verwenden

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.