A set of high- and critical-severity vulnerabilities in WordPress

A set of high- and critical-severity vulnerabilities has been identified in WordPress, affecting the following plugins:

- Tutor LMS Pro, all versions, including 2.7.0
- ConvertPlus, all versions up to and including 3.5.26
- ShiftController Employee Shift Scheduling, up to version 4.9.57
- IOSS WP MLM Unilevel, up to version 4.0
- Abdul Hakeem Build App Online, up to version 1.0.19
- powerfulwp Local Delivery Drivers for WooCommerce, up to version 1.9.0
- Glowlogix WP Frontend Profile, up to version 1.3.1
- InstaWP Team InstaWP Connect, up to version 0.1.0.8
- WebWizards SalesKing, up to version 1.6.15
- BoldGrid Total Upkeep, up to version 1.15.8
- Masteriyo LMS, up to version 1.7.2
- Repute Infosystems ARMember, up to version 4.0.10
- Saleswonder Team WebinarIgnition, up to version 3.05.0
- appscreo Easy Social Share Buttons, up to version 9.4
- Wholesale WholesaleX, up to version 1.3.2
- Sizam Design Rehub, up to version 19.6.1
- WP Sharks s2Member Pro, up to version 240315
- CodeRevolution Demo My WordPress, up to version 1.0.9.1
- Artbees SellKit, up to version 1.8.1
- WP Automatic Automatic, up to version 3.92.0
- Premmerce Premmerce Permalink Manager for WooCommerce, up to version 2.3.0
- AA-Team WZone, up to version 14.0.10
- JR King/Eran Schoellhorn WP Masquerade, up to version 1.1.0
- 8theme XStore Core, up to version 5.3.8
- UkrSolution Barcode Scanner with Inventory & Order Manager, up to version 1.5.3
- Darren Cooney Instant Images, up to version 6.1.0
- WPCustomify Customify Site Library, up to version 0.0.9
- realmag777 WordPress Meta Data and Taxonomies Filter (MDTF), up to version 1.3.3.2
- Hamid Alinia – idehweb Login with phone number, up to version 1.7.16
- Astoundify Simple Registration for WooCommerce, up to version 1.5.6
- PluginUS HUSKY – Products Filter for WooCommerce, up to version 1.3.5.2

Because of unrestricted upload of files with dangerous types, path traversal, PHP object injection and SQL injection, these vulnerabilities allow an attacker to retrieve sensitive data, execute code, extract sensitive information from the database, escalate privileges and perform XSS.

Vulnerability ID   Severity   Remediation link   Description
Vendor NVD
CVE-2024-4222   Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/942fffb6-2719-4b70-9759-21b2d50002c5?source=cve 7.3
CVE-2024-4223   Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve 9.8
CVE-2024-4351   Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve 8.8
CVE-2024-4352   Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/c647beda-cf73-4372-975f-a8c8ed05217f?source=cve 8.8
CVE-2024-4838   Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/16f5a104-dce0-4249-91b9-67f99cce16d3?source=cve 7.5
CVE-2024-4733   Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/9c8ab916-240d-43c3-92d4-7efd75862a5e?source=cve 7.5
CVE-2023-51476   Unknown https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-account-takeover-vulnerability?_s_id=cve 9.8
CVE-2023-51479   Unknown https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-authenticated-privilege-escalation-vulnerability?_s_id=cve 8.8
CVE-2023-51481   Unknown https://patchstack.com/database/vulnerability/local-delivery-drivers-for-woocommerce/wordpress-local-delivery-drivers-for-woocommerce-plugin-1-9-0-unauthenticated-account-takeover-vulnerability?_s_id=cve 9.8
CVE-2023-51483   Unknown https://patchstack.com/database/vulnerability/wp-front-end-profile/wordpress-wp-frontend-profile-plugin-1-3-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-22145   Unknown https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve 8.8
CVE-2024-22157   Unknown https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-24869   Unknown https://patchstack.com/database/vulnerability/boldgrid-backup/wordpress-total-upkeep-plugin-1-15-8-arbitrary-file-download-vulnerability?_s_id=cve 7.5
CVE-2024-24882   Unknown https://patchstack.com/database/vulnerability/learning-management-system/wordpress-lms-by-masteriyo-plugin-1-7-2-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2023-51356   Unknown https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-privilege-escalation-vulnerability?_s_id=cve 8.8
CVE-2023-51424   Unknown https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-31300   Unknown https://patchstack.com/database/vulnerability/easy-social-share-buttons3/wordpress-easy-social-share-buttons-plugin-9-4-local-file-inclusion-vulnerability?_s_id=cve 8.5
CVE-2024-30542   Unknown https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-31231   Unknown https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve 9.0
CVE-2024-31237   Unknown https://patchstack.com/database/vulnerability/s2member/wordpress-s2member-plugin-240315-privilege-escalation-vulnerability?_s_id=cve 7.5
CVE-2024-31290   Unknown https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-30509   Unknown https://patchstack.com/database/vulnerability/sellkit/wordpress-sellkit-plugin-1-8-1-arbitrary-file-download-vulnerability?_s_id=cve 7.5
CVE-2024-27954   Unknown https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-file-download-and-ssrf-vulnerability?_s_id=cve 9.3
CVE-2024-27971   Unknown https://patchstack.com/database/vulnerability/woo-permalink-manager/wordpress-premmerce-permalink-manager-for-woocommerce-plugin-2-3-10-local-file-inclusion-vulnerability?_s_id=cve 8.3
CVE-2024-33549   Unknown https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-privilege-escalation-vulnerability?_s_id=cve 8.8
CVE-2024-33550   Unknown https://patchstack.com/database/vulnerability/wp-masquerade/wordpress-wp-masquerade-plugin-1-1-0-authenticated-account-takeover-vulnerability?_s_id=cve 8.8
CVE-2024-33552   Unknown https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-33567   Unknown https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-33569   Unknown https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve 7.2
CVE-2024-33644   Unknown https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve 9.9
CVE-2024-34434   Unknown https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-2-arbitrary-shortcode-execution-vulnerability?_s_id=cve 7.2
CVE-2024-32507   Unknown https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve 8.8
CVE-2024-32511   Unknown https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve 9.8
CVE-2024-32680   Unknown https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve 8.8