WordPress Plugins, Themes, Core – Sicherheitslücken 2021

801 7214 — **fotografiert von Gabriele Lässer**

31. Dezember 2021

unter

Kalenderwoche 46

Plugins

18.11.2021 WP User Frontend < 3.5.25 – Admin+ SQL Injection
18.11.2021 Easy Registration Forms <= 2.1.1 – CSRF to Stored Cross-Site Scripting
18.11.2021 Directorist – Business Directory Plugin < 7.0.6.2 – CSRF to Remote File Upload
18.11.2021 WP Reset Pro < 5.99 – Subscriber+ Database Reset
18.11.2021 WP Reset Pro < 5.99 – Database Reset via CSRF

17.11.2021 Login/Signup Popup < 2.2 – Reflected Cross-Site Scripting
17.11.2021 Preview E-mails for WooCommerce < 2.0.0 – Reflected Cross-Site Scripting

16.11.2021 Push Notifications for WordPress (Lite) < 6.0.1 – Settings Update via CSRF
16.11.2021 SportsPress < 2.7.9 – Reflected Cross-Site Scripting

15.11.2021 Inspirational Quote Rotator <= 1.0.0 – Admin+ Stored Cross-Site Scripting
15.11.2021 Quotes Collection <= 2.5.2 – Admin+ SQL Injection
15.11.2021 User Meta Shortcodes <= 0.5 – Contributor+ Unauthorized Arbitrary User Metadata Access
15.11.2021 ToTop Link <= 1.7.1 – Unauthenticated PHP Object Injection
15.11.2021 Display Post Metadata <= 1.4.0 – Contributor+ Stored Cross-Site Scripting
15.11.2021 Mediamatic <= 2.7 – Subscriber+ SQL Injection
15.11.2021 Improved Include Page <= 1.2 – Contributor+ Arbitrary Posts/Pages Access
15.11.2021 Page/Post Content Shortcode <= 1.0 – Contributor+ Arbitrary Posts/Pages Access
15.11.2021 WP Limits <= 1.0 – Plugin’s Settings Update via CSRF
15.11.2021 Filter Portfolio Gallery <= 1.5 – Arbitrary Gallery Deletion via CSRF
15.11.2021 Shiny Buttons <= 1.1.0 – Unauthenticated Stored Cross-Site Scripting
15.11.2021 Contact Form Advanced Database <= 1.0.8 – Unauthorised AJAX Calls
15.11.2021 WP Admin Logo Changer <= 1.0 – Plugin’s Settings Update via CSRF
15.11.2021 Flex Local Fonts <= 1.0.0 – Admin+ Stored Cross-Site-Scripting
15.11.2021 Single Post Exporter <= 1.1.1 – Plugin’s Settings Update via CSRF
15.11.2021 Pixel Cat Lite < 2.6.3 – Admin+ Stored Cross-Site Scripting
15.11.2021 WP System Log < 1.0.21 – Unauthenticated Stored Cross-Site Scripting
15.11.2021 SEO Booster <= 3.7 – Admin+ SQL Injection
15.11.2021 NEX-Forms <= 7.9.4 – Multiple Admin+ Stored Cross-Site Scripting
15.11.2021 Ultimate NoFollow <= 1.4.8 – Contributor+ Stored Cross-Site Scripting
15.11.2021 Auto Featured Image < 3.9.3 – Reflected Cross-Site Scripting
15.11.2021 Modern Events Calendar Lite < 6.1.5 – Reflected Cross-Site Scripting
15.11.2021 Modern Events Calendar < 6.1.5 – Unauthenticated Blind SQL Injection
15.11.2021 ProfilePress < 3.2.3 – Reflected Cross-Site Scripting
15.11.2021 ProfilePress < 3.2.3 – Reflected Cross-Site Scripting
15.11.2021 Temporary Login Without Password < 1.7.1 – Subscriber+ Plugin’s Settings Update
15.11.2021 StopBadBots < 6.67 – Unauthenticated SQL Injection
15.11.2021 All-In-One-Gallery < 2.5.0 – Admin+ Local File Inclusion
15.11.2021 Pixel Cat Lite < 2.6.2 – CSRF to Stored Cross-Site Scripting

vielleicht auch interessant:

Bitte Kommentarfunktion nicht für Supportanfragen nutzen. Dem kann hier nicht entsprochen werden. Die Angabe einer E-Mail-Adresse und eines Namens ist nicht erforderlich. Einen (Spitz)-Namen zu nennen wäre aber doch nett.

publicly queryable

WordPress Plugins, Themes, Core – Sicherheitslücken 2021

Kalenderwoche 46

Plugins

Schreibe einen Kommentar Antworten abbrechen

WordPress Plugins, Themes, Core – Sicherheitslücken 2021

Kalenderwoche 46

Plugins

Wie ändert man die Admin-E-Mail-Adresse in WordPress, ohne dass sie bestätigt werden muss?

widgets_init-Action create_function ersetzen durch weniger unsichere Methoden

Nach Änderung der Domains keine Anmeldung auf Hauptseite in Multisiteumgebung möglich

Schreibe einen Kommentar Antworten abbrechen