A Set of High- and Critical-Severity Vulnerabilities in WordPress

A set of high- and critical-severity vulnerabilities has been identified in WordPress, including the plugins WappPress version 5.0.3 and earlier; Fusion Builder version 3.11.1 and earlier; CformsII version 15.0.5 and earlier; WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels version 4.4.0 and earlier; FV Flowplayer Video Player version 7.5.41.7212 and earlier; Email Subscribers & Newsletters version 5.7.11 and earlier; Simply Schedule Appointments version 1.6.6.20 and earlier; WP Editor version 1.2.8 and earlier; Product Feed PRO for WooCommerce version 13.2.5 and earlier; Knowledge Base for Documentation, FAQs with AI Assistance version 11.30.2 and earlier; Widgets Controller version 1.1 and earlier; SEO Backlink Monitor version 1.5.0 and earlier; Podlove Podcast Publisher version 4.0.9 and earlier; Action Network version 1.4.3 and earlier; Sunshine Photo Cart version 3.1.1 and earlier; New RoyalSlider version 3.4.2 and earlier; Easy Social Share Buttons version 9.4 and earlier; WP-Lister Lite for Amazon version 2.6.8 and earlier; WordPress Importer version 1.0.4 and earlier; Survey Maker version 4.0.6 and earlier; Photo Gallery by Ays version 5.5.2 and earlier; PropertyHive version 2.0.8 and earlier; Premium Packages version 5.8.2 and earlier; Advanced Sermons version 3.1 and earlier; WP Google Maps version 9.0.29 and earlier; Doneren met Mollie version 2.10.2 and earlier; Shortlinks by Pretty Links version 3.6.2 and earlier; WP Directory Kit version 1.2.9 and earlier; Forminator version 1.29.0 and earlier; SEO Plugin by Squirrly SEO version 12.3.16 and earlier; Bulk NoIndex & NoFollow Toolkit version 2.01 and earlier; Unlimited Elements For Elementor (Free Widgets, Addons, Templates) version 1.5.93 and earlier; Conversios.Io version 6.9.1 and earlier; Shipping with Venipak for WooCommerce version 1.19.5 and earlier; ReDi Restaurant Reservation version 24.0128 and earlier; Fusion Builder version 3.11.1 and earlier; Co-marquage service-public.Fr version 0.5.72 and earlier; Calculated Fields Form version 1.2.54 and earlier; Booster for WooCommerce version 7.1.7 and earlier; WordPress Meta Data and Taxonomies Filter (MDTF) version 1.3.3 and earlier; BizPrint version 4.5.5 and earlier; Contest Gallery version 21.3.2 and earlier; Avada version 7.11.1; Spectra version 2.6.6; Starter Templates — Elementor, WordPress & Beaver Builder Templates and Premium Starter Templates version 3.2.4; DecaLog version 3.9.0; Church Admin version 4.0.27; WordPress Tooltips versions before 9.4.5; Contact Form to Any API version 1.1.8; ProfileGrid version 5.7.1; Calendarista version 15.5.7; Zoho Campaigns version 2.0.6; Slider by Supsystic version 1.8.10; Contest Gallery version 21.3.4; PDF Invoices and Packing Slips For WooCommerce version 1.3.7; GiveWP version 3.4.2; Hercules Core version 6.4; Geo Controller version 8.6.4; BetterDocs version 3.3.3; WP Migrate version 2.6.10; WholesaleX version 1.3.2; ARMember version 4.0.26; Meta Tag Manager version 3.0.2; and Pz-LinkCard version 2.5.1. These vulnerabilities give an attacker the ability to perform unrestricted upload of malicious files, Reflected XSS, deserialization of untrusted data and PHP object injection, SQL injection, CSRF, SSRF and Stored XSS.

Vulnerability ID  Severity (Vendor, NVD)  Link  Solution  Description
CVE-2023-49815 10.0 Unknown https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-5-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2023-39306 7.1 Unknown https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-22149 7.1 Unknown https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-5-cross-site-scripting-xss-vulnerability-2?_s_id=cve
CVE-2024-22288 7.1 Unknown https://patchstack.com/database/vulnerability/print-invoices-packing-slip-labels-for-woocommerce/wordpress-woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-plugin-4-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-22299 7.1 Unknown https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-player-plugin-7-5-41-7212-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-22300 7.1 Unknown https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-plugin-5-7-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-22311 7.1 Unknown https://patchstack.com/database/vulnerability/simply-schedule-appointments/wordpress-simply-schedule-appointments-plugin-1-6-6-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-24700 7.1 Unknown https://patchstack.com/database/vulnerability/wp-editor/wordpress-wp-editor-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-24800 7.1 Unknown https://patchstack.com/database/vulnerability/woo-product-feed-pro/wordpress-product-feed-pro-for-woocommerce-plugin-13-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-24842 8.7 Unknown https://patchstack.com/database/vulnerability/echo-knowledge-base/wordpress-knowledge-base-for-documentation-faqs-with-ai-assistance-plugin-11-30-2-php-object-injection-vulnerability?_s_id=cve
CVE-2024-25926 7.1 Unknown https://patchstack.com/database/vulnerability/widgets-controller/wordpress-widgets-controller-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29907 7.1 Unknown https://patchstack.com/database/vulnerability/seo-backlink-monitor/wordpress-seo-backlink-monitor-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29915 7.1 Unknown https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-2954 7.2 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf18ae2-f0d4-44d4-9dd1-6ac36d859d68?source=cve
CVE-2024-30194 7.1 Unknown https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-30195 7.1 Unknown https://patchstack.com/database/vulnerability/new-royalslider/wordpress-new-royalslider-plugin-3-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-30196 7.1 Unknown https://patchstack.com/database/vulnerability/easy-social-share-buttons3/wordpress-easy-social-share-buttons-plugin-9-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-30199 7.1 Unknown https://patchstack.com/database/vulnerability/wp-lister-for-amazon/wordpress-wp-lister-lite-for-amazon-plugin-2-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-30201 7.1 Unknown https://patchstack.com/database/vulnerability/wp-smart-import/wordpress-wp-smart-import-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29918 7.1 Unknown https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-4-0-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29919 7.1 Unknown https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-plugin-5-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29923 7.1 Unknown https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29924 7.1 Unknown https://patchstack.com/database/vulnerability/wpdm-premium-packages/wordpress-premium-packages-plugin-5-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29928 7.1 Unknown https://patchstack.com/database/vulnerability/advanced-sermons/wordpress-advanced-sermons-plugin-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29931 7.1 Unknown https://patchstack.com/database/vulnerability/wp-google-maps/wordpress-wp-go-maps-plugin-9-0-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29767 7.1 Unknown https://patchstack.com/database/vulnerability/doneren-met-mollie/wordpress-doneren-met-mollie-plugin-2-10-2-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29770 7.1 Unknown https://patchstack.com/database/vulnerability/pretty-link/wordpress-pretty-links-plugin-3-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29774 7.1 Unknown https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29777 7.1 Unknown https://patchstack.com/database/vulnerability/forminator/wordpress-forminator-plugin-1-29-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29790 7.1 Unknown https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-plugin-12-3-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29791 7.1 Unknown https://patchstack.com/database/vulnerability/bulk-noindex-nofollow-toolkit-by-mad-fish/wordpress-bulk-noindex-nofollow-toolkit-plugin-2-01-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29792 7.1 Unknown https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-93-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29794 7.1 Unknown https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-conversios-io-plugin-6-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29805 7.1 Unknown https://patchstack.com/database/vulnerability/wc-venipak-shipping/wordpress-shipping-with-venipak-for-woocommerce-plugin-1-19-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29806 7.1 Unknown https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2023-39311 7.1 Unknown https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CVE-2024-29758 7.1 Unknown https://patchstack.com/database/vulnerability/co-marquage-service-public/wordpress-co-marquage-service-public-fr-plugin-0-5-72-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29759 7.1 Unknown https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-2-54-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29760 7.1 Unknown https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29763 7.1 Unknown https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE-2024-29773 7.1 Unknown https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-5-5-csrf-to-xss-vulnerability?_s_id=cve
CVE-2024-30238 8.5 Unknown https://patchstack.com/database/vulnerability/contest-gallery/wordpress-photos-and-files-contest-gallery-plugin-21-3-2-sql-injection-vulnerability?_s_id=cve
CVE-2023-39313 7.7 Unknown https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CVE-2023-36679 7.1 Unknown https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-6-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CVE-2023-34370 7.1 Unknown https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CVE-2024-30245 7.6 Unknown https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-9-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-30244 8.5 Unknown https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-27-sql-injection-via-shortcode-vulnerability?_s_id=cve
CVE-2024-30243 8.5 Unknown https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-4-5-contributor-sql-injection-vulnerability?_s_id=cve
CVE-2024-30242 8.5 Unknown https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-8-subscriber-sql-injection-vulnerability?_s_id=cve
CVE-2024-30241 8.5 Unknown https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-1-contributor-sql-injection-vulnerability?_s_id=cve
CVE-2024-30240 8.5 Unknown https://patchstack.com/database/vulnerability/calendarista/wordpress-calendarista-plugin-15-5-7-sql-injection-vulnerability?_s_id=cve
CVE-2024-30239 8.5 Unknown https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-6-sql-injection-vulnerability?_s_id=cve
CVE-2024-30237 7.6 Unknown https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-sql-injection-vulnerability?_s_id=cve
CVE-2024-30236 8.5 Unknown https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-sql-injection-vulnerability?_s_id=cve
CVE-2024-30230 8.2 Unknown https://patchstack.com/database/vulnerability/pdf-invoices-and-packing-slips-for-woocommerce/wordpress-pdf-invoices-and-packing-slips-for-woocommerce-plugin-1-3-7-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30229 8.0 Unknown https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-4-2-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30228 9.9 Unknown https://patchstack.com/database/vulnerability/hercules-core/wordpress-hercules-core-plugin-6-4-subscriber-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30227 9.0 Unknown https://patchstack.com/database/vulnerability/cf-geoplugin/wordpress-geo-controller-plugin-8-6-4-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30226 9.0 Unknown https://patchstack.com/database/vulnerability/betterdocs/wordpress-betterdocs-plugin-3-3-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30225 10.0 Unknown https://patchstack.com/database/vulnerability/wp-migrate-db-pro/wordpress-wp-migrate-plugin-2-6-10-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30224 10.0 Unknown https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30223 9.0 Unknown https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CVE-2024-30222 8.5 Unknown https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-php-object-injection-vulnerability?_s_id=cve
CVE-2024-1770 8.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec1aed2-d299-4fa9-add6-10b63ed6aa30?source=cve
CVE-2024-0677 Unknown https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7
CVE-2024-0673 Unknown https://wpscan.com/vulnerability/d80e725d-356a-4997-a352-33565e291fc8
CVE-2024-0672 Unknown https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a

 

 

administrator
