Multiple high- and critical-severity vulnerabilities in WordPress plugins and themes

A set of high- and critical-severity vulnerabilities has been identified in WordPress plugins and themes, including MasterStudy LMS up to version 3.3.1, HUSKY – Products Filter Professional for WooCommerce up to 1.3.5.2, Mailster up to 4.0.6, the Jobeleon theme up to 1.9.1, Spiffy Calendar up to 4.9.7, Contest Gallery up to 21.3.5, WordPress Announcement & Notification Banner Plugin – Bulletin up to 3.8.5, Media Library Folders up to 8.1.7, Zotpress up to 7.3.7, ProfileGrid up to 5.7.8, OSS Aliyun up to 1.4.10, Falang Multilanguage up to 1.3.47, Element Pack Elementor Addons up to 5.5.3, WP Responsive Tabs horizontal vertical and accordion Tabs up to 1.1.17, CRM Perks Forms up to 1.1.4, CubeWP – All-in-One Dynamic Content Framework up to 1.1.12, Download Monitor up to 4.9.4, Salon booking system up to 9.5, WP Travel Engine up to 5.7.9, All In One Redirection up to 2.2.0, Creative Image Slider – Responsive Slider up to 2.1.3, Booking Activities up to 1.15.19, Mang Board WP up to 1.8.0, The Plus Blocks for Block Editor | Gutenberg up to 3.2.5, Limit Attempts by BestWebSoft up to 1.2.9, Post Grid up to 2.2.74, ElementsKit Elementor addons up to 3.0.6, Integrate Google Drive up to 1.3.8 and Favorites up to 2.3.3. These flaws give an attacker unauthenticated privilege escalation via the stm_lms_register AJAX action, unauthenticated LFI via modal, LFI, XSS, SQL injection, improper access control, unrestricted upload of malicious files, LFI in render_raw, missing authorization for unauthenticated modification and export of settings, and stored XSS.

CVE ID | Severity (CVSS) | Fix | Vendor link | NVD link | Notes
CVE-2024-2409 | 9.8 | Not specified | https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve | - | -
CVE-2024-2411 | 9.8 | Not specified | https://www.wordfence.com/threat-intel/vulnerabilities/id/d68a2b60-ee89-4231-b256-214eba418244?source=cve | - | -
CVE-2024-3061 | 7.2 | Not specified | https://www.wordfence.com/threat-intel/vulnerabilities/id/6a0a0395-c193-4686-ba97-73fdd40d3048?source=cve | - | -
CVE-2024-30503 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/mailster/wordpress-mailster-plugin-4-0-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2022-47153 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/jobeleon-wpjobboard/wordpress-jobeleon-theme-1-9-1-cross-site-scripting-xss?_s_id=cve | - | -
CVE-2024-30427 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30428 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30478 | 7.6 | Not specified | https://patchstack.com/database/vulnerability/bulletin-announcements/wordpress-announcement-notification-banner-bulletin-plugin-3-8-5-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30486 | 8.5 | Not specified | https://patchstack.com/database/vulnerability/media-library-plus/wordpress-media-library-folders-plugin-8-1-7-author-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30487 | 7.6 | Not specified | https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-5-1-broken-access-control-vulnerability?_s_id=cve | - | -
CVE-2024-30488 | 8.5 | Not specified | https://patchstack.com/database/vulnerability/zotpress/wordpress-zotpress-plugin-7-3-7-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30490 | 9.3 | Not specified | https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30491 | 8.5 | Not specified | https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30494 | 7.6 | Not specified | https://patchstack.com/database/vulnerability/oss-aliyun/wordpress-oss-aliyun-plugin-1-4-10-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30495 | 7.6 | Not specified | https://patchstack.com/database/vulnerability/falang/wordpress-falang-multilanguage-for-wordpress-plugin-1-3-47-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30496 | 8.5 | Not specified | https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-lite-plugin-5-5-3-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30497 | 8.5 | Not specified | https://patchstack.com/database/vulnerability/responsive-horizontal-vertical-and-accordion-tabs/wordpress-wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-plugin-1-1-17-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30498 | 9.3 | Not specified | https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30499 | 8.5 | Not specified | https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-4-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30500 | 9.9 | Not specified | https://patchstack.com/database/vulnerability/cubewp-framework/wordpress-cubewp-plugin-1-1-12-arbitrary-file-upload-vulnerability?_s_id=cve | - | -
CVE-2024-30501 | 7.6 | Not specified | https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-theme-4-9-4-admin-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30510 | 10.0 | Not specified | https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-9-5-arbitrary-file-upload-vulnerability?_s_id=cve | - | -
CVE-2024-30502 | 9.3 | Not specified | https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-plugin-5-7-9-unauth-blind-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30504 | 7.6 | Not specified | https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-plugin-5-7-9-sql-injection-vulnerability?_s_id=cve | - | -
CVE-2024-30506 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/all-in-one-redirection-404-pages-list/wordpress-all-in-one-redirection-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30447 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/creative-image-slider/wordpress-creative-image-slider-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30449 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/booking-activities/wordpress-booking-activities-plugin-1-15-19-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30431 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30435 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/the-plus-addons-for-block-editor/wordpress-the-plus-blocks-for-block-editor-gutenberg-plugin-3-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30439 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/limit-attempts/wordpress-limit-attempts-by-bestwebsoft-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-30441 | 7.1 | Not specified | https://patchstack.com/database/vulnerability/post-grid/wordpress-combo-blocks-plugin-2-2-74-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | - | -
CVE-2024-2047 | 8.8 | Not specified | https://www.wordfence.com/threat-intel/vulnerabilities/id/413e6326-14c6-4734-8adc-114a7842c574?source=cve | - | -
CVE-2024-2086 | 10.0 | Not specified | https://www.wordfence.com/threat-intel/vulnerabilities/id/a303c798-c206-426a-9a96-263c8c069bdb?source=cve | - | -
CVE-2024-2948 | 7.2 | Not specified | https://www.wordfence.com/threat-intel/vulnerabilities/id/38a87046-9a46-40c2-b10d-d1a7d5ef8742?source=cve | - | -

administrator