مجموعه آسیب‌پذیری‌ها‌ با سطح خطر بالا و بحرانی در WordPress

admin
WordPress, آسیب پذیری, امنیت, امنیت سایبری, امنیت شبکه, هاویرتک, هاویرتکس, وردپرس
0 نظر
715 بازدید

شناسایی مجموعه آسیب‌پذیری‌ها‌ با سطح خطر بالا و بحرانی در WordPress، شامل افزونه‌هایUndsgn Uncode – Creative & WooCommerce تا نسخه 2.8.6،GiveWP GiveWP – Donation و Fundraising Platformتا نسخه 2.25.3، WooCommerce Product Add-Ons تا نسخه 6.1.3،FunnelKit Funnel Builder برایWordPress باFunnelKit – Customize WooCommerce Checkout Pages،Create Sales Funnels & Maximize Profits نسخه 2.14.3، FunnelKit Recover WooCommerce Cart Abandonment،Newsletter ،Email Marketing ، Marketing Automation با FunnelKitتا نسخه 22.6.1، Aaron J 404 تا نسخه 2.34.0، E2Pdf – Export To Pdf Tool تا نسخه 1.20.23،N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking تا نسخه 1.6.6.1، StylemixThemes Booking Calendar | Appointment Booking | BookIt تا نسخه 2.4.3،Nasirahmed Advanced Form Integration Connect WooCommerce، Contact Form 7 و Google Sheets تا نسخه 1.75.0،Squirrly Squirrly SEO – Advanced Pack تا نسخه 2.3.8، Sam Perrow Pre* Party Resource Hints تا نسخه 1.8.18،Basix NEX-Forms – Ultimate Form Builder – Contact forms تا نسخه 8.5.5، JS Help Desk JS Help Desk – Best Help Desk & Support تا نسخه 2.8.1،wpdevelop, oplugins Booking Manager تا نسخه 2.1.5،BookingPress – Appointment Booking Calendar و Online Scheduling تا نسخه 1.0.79، Matthew Fries MF Gig Calendar تا نسخه 1.2.1، Clockwork Clockwork SMS Notfications تا نسخه 3.0.4، James Ward Mail logging – WP Mail Catcher تا نسخه 2.1.3، GeoDirectory – WordPress Business Directory تا نسخه 2.3.28، RegistrationMagic Custom Registration Forms، User Registration،Payment و User Login تا نسخه 5.2.4.5 و Collne Inc. Welcart e-Commerce تا نسخه 2.9.3، به دلیل خنثی سازی نامناسب ورودی و سریال زدایی از داده های غیرقابل اعتماد امکان تزریق SQL و XSS را برای مهاجم فراهم می‌سازد.

شناسه آسیب‌پذیری	شدت آسیب‌پذیری		لینک راهکار	توضیحات
شناسه آسیب‌پذیری	Vendor	NVD	لینک راهکار	توضیحات
CVE-2023-51501		نامشخص	https://patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	7.1
CVE-2023-32513		نامشخص	https://patchstack.com/database/vulnerability/give/wordpress-give-donation-plugin-plugin-2-25-3-php-object-injection-vulnerability?_s_id=cve	7.1
CVE-2023-32795		نامشخص	https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve	8.2
CVE-2023-50856		نامشخص	https://patchstack.com/database/vulnerability/funnel-builder/wordpress-funnel-builder-for-wordpress-by-funnelkit-plugin-2-14-3-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50857		نامشخص	https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-automation-by-funnelkit-plugin-2-6-1-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50848		نامشخص	https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50849		نامشخص	https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50851		نامشخص	https://patchstack.com/database/vulnerability/simply-schedule-appointments/wordpress-simply-schedule-appointments-booking-plugin-1-6-6-1-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50852		نامشخص	https://patchstack.com/database/vulnerability/bookit/wordpress-bookit-plugin-2-4-3-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50853		نامشخص	https://patchstack.com/database/vulnerability/advanced-form-integration/wordpress-advanced-form-integration-plugin-1-75-0-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50854		نامشخص	https://patchstack.com/database/vulnerability/squirrly-seo-pack/wordpress-squirrly-seo-advanced-pack-plugin-2-3-8-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50855		نامشخص	https://patchstack.com/database/vulnerability/pre-party-browser-hints/wordpress-pre-party-resource-hints-plugin-1-8-18-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50838		نامشخص	https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-ultimate-form-builder-8-5-5-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50839		نامشخص	https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-8-1-unauthenticated-sql-injection-vulnerability?_s_id=cve	9.3
CVE-2023-50840		نامشخص	https://patchstack.com/database/vulnerability/booking-manager/wordpress-booking-manager-plugin-2-1-5-sql-injection-vulnerability?_s_id=cve	8.5
CVE-2023-50841		نامشخص	https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-72-sql-injection-vulnerability?_s_id=cve	8.5
CVE-2023-50842		نامشخص	https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve	8.5
CVE-2023-50844		نامشخص	https://patchstack.com/database/vulnerability/wp-mail-catcher/wordpress-wp-mail-catcher-plugin-2-1-3-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50845		نامشخص	https://patchstack.com/database/vulnerability/geodirectory/wordpress-geodirectory-plugin-2-3-28-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50846		نامشخص	https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-4-5-sql-injection-vulnerability?_s_id=cve	7.6
CVE-2023-50847		نامشخص	https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve	7.6

برچسب ها: WordPress آسیب پذیری امنیت امنیت سایبری امنیت شبکه هاویرتک هاویرتکس وردپرس

admin

administrator

09374683780