Security Team
Last week, vulnerabilities were found in 80 plugins.
Vulnerability information
We have picked out the high-severity ones.
If you use any of the plugins on this list, update them.
- FluentForm (<= 5.1.18)
  Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification vulnerability
  Severity: 4.2
- Tutor LMS (<= 2.7.4)
  Cross-Site Request Forgery via ‘addon_enable_disable’ vulnerability
  Severity: 4.3
- Big File Uploads (<= 2.1.2)
  Authenticated (Author+) Full Path Disclosure vulnerability
  Severity: 4.3
- Revision Manager TMC (<= 2.8.19)
  Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability
  Severity: 4.3
- Frontend Post Submission Manager Lite (<= 1.2.2)
  Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
  Severity: 4.3
- Geo Controller (<= 8.6.9)
  Multiple Missing Authorization vulnerability
  Severity: 4.3
- DN Popup (<= 1.2.2)
  Settings Update via CSRF vulnerability
  Severity: 4.3
- Tourfic (<= 2.11.20)
  Cross-Site Request Forgery in Multiple Functions vulnerability
  Severity: 4.3
- EventPrime (<= 4.0.4.3)
  Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability
  Severity: 5.3
- Cost Calculator Builder Pro (<= 3.1.96)
  Unauthenticated Price Manipulation vulnerability
  Severity: 5.3
- Remember Me Controls (<= 2.0.1)
  Unauthenticated Full Path Disclosure vulnerability
  Severity: 5.3
- S.A.F (<= 2.3.5)
  IP Address Spoofing to Protection Mechanism Bypass vulnerability
  Severity: 5.3
- Ivory Search (<= 5.5.6)
  Information Exposure via AJAX Search Form vulnerability
  Severity: 5.3
- Sensei LMS (< 4.24.2)
  Unauthenticated Email Template Leak vulnerability
  Severity: 5.3
- Web Application Firewall – website security (<= 2.1.2)
  IP Address Spoofing to Protection Mechanism Bypass vulnerability
  Severity: 5.3
- WP Cerber Security (<= 9.4)
  IP Protection Bypass vulnerability
  Severity: 5.3
- IP Vault – WP Firewall (<= 1.1)
  IP Address Spoofing to Protection Mechanism Bypass vulnerability
  Severity: 5.3
- AZIndex (<= 0.8.1)
  Index Deletion via CSRF vulnerability
  Severity: 5.4
- Form Vibes – Database Manager for Forms (<= 1.4.12)
  Missing Authorization in Multiple Functions vulnerability
  Severity: 5.4
- The Ultimate WordPress Toolkit – WP Extended (<= 3.0.8)
  Insecure Direct Object Reference vulnerability
  Severity: 5.4
- The Ultimate WordPress Toolkit – WP Extended (<= 3.0.8)
  Missing Authorization to Admin Username Change vulnerability
  Severity: 5.4
- The Events Calendar PRO (<= 7.0.2)
  Authenticated (Administrator+) PHP Object Injection to Remote Code Execution vulnerability
  Severity: 5.5
- Starbox (< 3.5.2)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- Floating Contact Button (< 2.8)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- Community by PeepSo (<= 6.4.5.0)
  Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter vulnerability
  Severity: 5.9
- Pocket Widget (<= 0.1.3)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- EventON (< 2.2.17)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- Popup Maker (< 1.19.1)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- Preloader Plus – WordPress Loading Screen Plugin (<= 2.2.1)
  Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
  Severity: 5.9
- Cab fare calculator (<= 1.1.6)
  Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
  Severity: 5.9
- Secure Copy Content Protection and Content Locking (< 4.1.7)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- Chatbot Support AI (<= 1.0.2)
  Admin+ Stored XSS vulnerability
  Severity: 5.9
- Media Library Folders (<= 8.2.3)
  Missing Authorization on Various Functions vulnerability
  Severity: 6.3
- Master Addons for Elementor (<= 2.0.6.4)
  Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability
  Severity: 6.5
- Slider comparison image before and after (<= 0.8.3)
  Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
  Severity: 6.5
- Nova Blocks by Pixelgrade (<= 2.1.7)
  Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability
  Severity: 6.5
- Affiliate Super Assistent (<= 1.5.3)
  Unauthenticated Arbitrary Shortcode Execution vulnerability
  Severity: 6.5
- WP ULike (< 4.7.2.1)
  Subscriber+ Stored-XSS vulnerability
  Severity: 6.5
- Advanced Sermons (<= 3.3)
  Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
  Severity: 6.5
- WP AdCenter (<= 2.5.6)
  Authenticated (Contributor+) Stored Cross-Site Scripting via ad_alignment Attribute vulnerability
  Severity: 6.5
- Content Blocks (Custom Post Widget) (<= 3.3.5)
  Cross Site Scripting (XSS) vulnerability
  Severity: 6.5
- Dynamic Featured Image (<= 3.7.0)
  Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter vulnerability
  Severity: 6.5
- Amelia (<= 1.2.3)
  Missing Authorization to Sensitive Information Exposure vulnerability
  Severity: 6.5
- RD Station (<= 5.3.2)
  Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
  Severity: 6.5
- Share This Image (<= 2.02)
  Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode vulnerability
  Severity: 6.5
- PixelYourSite PRO (<= 10.4.2)
  Unauthenticated Information Exposure and Log Deletion vulnerability
  Severity: 6.5
- PixelYourSite – Your smart PIXEL (TAG) Manager (<= 9.7.1)
  Unauthenticated Information Exposure and Log Deletion vulnerability
  Severity: 6.5
- Attributes for Blocks (<= 1.0.6)
  Authenticated (Contributor+) Stored Cross-Site Scripting via attributesForBlocks Parameter vulnerability
  Severity: 6.5
- The Ultimate WordPress Toolkit – WP Extended (<= 3.0.8)
  Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
  Severity: 6.5
- Share This Image (<= 2.01)
  Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter vulnerability
  Severity: 6.5
- WPZOOM Portfolio (<= 1.4.4)
  Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability
  Severity: 6.5
- Customizer Export/Import (<= 0.9.7)
  Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import vulnerability
  Severity: 6.6
- AZIndex (<= 0.8.1)
  Stored XSS via CSRF vulnerability
  Severity: 7.1
- Ninja Forms File Uploads Extension (<= 3.3.16)
  Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability
  Severity: 7.1
- Sign-up Sheets (< 2.2.13)
  Reflected XSS vulnerability
  Severity: 7.1
- The Ultimate WordPress Toolkit – WP Extended (<= 3.0.8)
  Reflected Cross-Site Scripting via page vulnerability
  Severity: 7.1
- Flaming Forms (<= 1.0.1)
  Reflected XSS vulnerability
  Severity: 7.1
- Flaming Forms (<= 1.0.1)
  Unauthenticated Stored XSS vulnerability
  Severity: 7.1
- Ninja Forms (3.8.6-3.8.10)
  WordPress Ninja Forms plugin 3.8.6 – 3.8.10 – Reflected XSS
  Severity: 7.1
- tagDiv Composer (<= 5.0)
  Reflected Cross-Site Scripting via envato_code[] vulnerability
  Severity: 7.1
- Booking Calendar (<= 10.5)
  Reflected Cross-Site Scripting vulnerability
  Severity: 7.1
- WC Marketplace (<= 4.2.0)
  Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover vulnerability
  Severity: 7.3
- Clean Login (<= 1.14.5)
  Authenticated (Contributor+) Local File Inclusion vulnerability
  Severity: 7.5
- LifterLMS (<= 7.7.5)
  Authenticated (Admin+) SQL Injection vulnerability
  Severity: 7.6
- The Ultimate WordPress Toolkit – WP Extended (<= 3.0.8)
  Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download vulnerability
  Severity: 7.7
- Bit File Manager (6.0-6.5.5)
  Unauthenticated Remote Code Execution via Race Condition vulnerability
  Severity: 8.1
- Frontend Dashboard (<= 2.2.4)
  Authenticated (Subscriber+) Arbitrary Function Call vulnerability
  Severity: 8.5
- Pinpoint Booking System (<= 2.9.9.5.0)
  WordPress Pinpoint Booking System plugin <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection vulnerability
  Severity: 8.5
- WP Events Manager (<= 2.1.11)
  Authenticated (Subscriber+) Time-Based SQL Injection vulnerability
  Severity: 8.5
- Attire (<= 2.0.6)
  Authenticated (Contributor+) PHP Object Injection vulnerability
  Severity: 8.5
- ForumWP (<= 2.0.2)
  Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
  Severity: 8.8
- Newsletters (<= 4.9.9.2)
  Authenticated Privilege Escalation vulnerability
  Severity: 8.8
- The Ultimate WordPress Toolkit – WP Extended (<= 3.0.8)
  Authenticated (Subscriber+) Arbitrary Options Update vulnerability
  Severity: 8.8
- Viral Signup (<= 2.1)
  Unauthenticated SQLi vulnerability
  Severity: 9.3
- WPCOM Member (<= 1.5.2.1)
  Unauthenticated Privilege Escalation via User Meta vulnerability
  Severity: 9.8
- WP-Recall (<= 16.26.8)
  Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability
  Severity: 9.8
- LiteSpeed Cache (< 6.5.0.1)
  Unauthenticated Account Takeover via Cookie Leak vulnerability
  Severity: 9.8
- WP Job Portal (<= 2.1.6)
  Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation vulnerability
  Severity: 9.8
- Web Directory Free (< 1.7.3)
  Unauthenticated LFI vulnerability
  Severity: 9.8
- Bit File Manager (<= 6.5.5)
  Authenticated (Subscriber+) Arbitrary File Upload vulnerability
  Severity: 9.9
Low-severity items are not shown.
2024/09/10