Über dem Abgrund hängen
|

WordPress Plugins, Themes, Core – Sicherheitslücken 2022

Die Liste wird laufend aktualisiert.

Betroffen? – Dann umgehend verfügbares Update machen. Falls es kein Update gibt, betroffene Komponente am besten gegen eine vergleichbare austauschen oder löschen.

Kalenderwoche 21

Plugins

24.05.2022 WP Statistic < 13.2.2 – Admin+ Stored Cross-Site Scripting
24.05.2022 Rating by BestWebSoft <= 1.4 – Rating Denial of Service
24.05.2022 Ocean Extra < 1.9.5 – Reflected Cross-Site Scripting

23.05.2022 Genki Pre-Publish Reminder <= 1.4.1 – Stored XSS & RCE via CSRF
23.05.2022 Minimal Coming Soon – Coming Soon Page < 2.35 – Multiple Authenticated Stored XSS
23.05.2022 Core Control <= 1.2.1 – Arbitrary Settings Update via CSRF
23.05.2022 Sticky Popup <= 1.2 – Admin+ Stored Cross-Site Scripting
23.05.2022 Zephyr Project Manager < 3.2.41 – Reflected Cross-Site Scripting
23.05.2022 Keep Backup Daily < 2.0.3 – Reflected Cross-Site Scripting
23.05.2022 Filr – Secure Document Library < 1.2.2.1 – Subscriber+ AJAX Calls
23.05.2022 Like Button Rating < 2.6.45 – Arbitrary e-mail Sending
23.05.2022 Appointment Hour Booking < 1.3.56 – Admin+ Stored Cross-Site Scripting
23.05.2022 Static Page eXtended <= 2.1 – Arbitrary Settings Update via CSRF to Stored XSS
23.05.2022 WP-chgFontSize <= 1.8 – Arbitrary Settings Update via CSRF to Stored XSS
23.05.2022 Simple Membership < 4.1.1 – Reflected Cross-Site Scripting
23.05.2022 Sideblog <= 6.0 – Arbitrary Settings Update via CSRF to Stored XSS
23.05.2022 WP Admin Style <= 0.1.2 – Admin+ Stored Cross-Site Scripting
23.05.2022 Change Uploaded File Permissions <= 4.0.0 – File Permission Update via CSRF
23.05.2022 One Click Plugin Updater <= 2.4.14 – Arbitrary Settings Update via CSRF
23.05.2022 Peter’s Collaboration E-mails <= 2.2.0 – Arbitrary Settings Update via CSRF
23.05.2022 New User Email Set Up <= 0.5.2 – Arbitrary Settings Update via CSRF
23.05.2022 RB Internal Links <= 2.0.16 – Stored Cross-Site Scripting via CSRF
23.05.2022 Newsletter < 7.4.5 – Reflected Cross-Site Scripting
23.05.2022 KiviCare < 2.3.9 – Unauthenticated SQLi
23.05.2022 Quick Subscribe <= 1.7.1 – Arbitrary Settings Update via CSRF to Stored XSS
23.05.2022 Private Files <= 0.40 – Protection Disabling via CSRF
23.05.2022 Auto Delete Posts <= 1.3.0 – Arbitrary Settings Update via CSRF
23.05.2022 LaTeX for WordPress <= 3.4.10 – Arbitrary Settings Update via CSRF to Stored XSS
23.05.2022 postTabs <= 2.10.6 – Arbitrary Settings Update via CSRF to Stored XSS

Kommentarformular bitte nicht für Supportanfragen verwenden

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.