High- and critical-severity vulnerabilities in WordPress

A set of high- and critical-severity vulnerabilities has been identified in WordPress, affecting the plugins Qode Essential Addons version 1.5.2, WP EXtra version 6.2, Nexter Extension version 2.0.3, Kanban Boards version 2.5.21, Rename Media Files version 1.0.1, RSVPMaker version 10.6.6, WP Booklet version 2.1.8, HT Mega – Absolute Addons For Elementor version 2.3.8, Verge3D Publishing and E-Commerce version 4.5.2, Astra Pro version 4.3.1, miniOrange’s Google Authenticator version 5.6.1, Login Lockdown – Protect Login Form version 2.06, WS Form LITE – Drag & Drop Contact Form Builder version 1.9.170, Google Photos Gallery with Shortcodes version 4.0.2, Job Manager & Career version 1.4.4, Professional products tables for WooCommerce store version 1.0.6, Rencontre – Dating Site version 3.11.1, WebinarIgnition version 3.05.0, EnvíaloSimple version 2.1, Impreza – WordPress Website and WooCommerce Builder version 8.17.4, the TheGem – Creative Multi-Purpose & WooCommerce theme version 5.9.1, WP MLM SOFTWARE version 4.0, TerraClassifieds version 2.0.3, Rencontre – Dating Site version 3.10.1, Verge3D Publishing and E-Commerce version 4.5.2, BERTHA AI version 1.11.10.7, JVM Gutenberg Rich Text Icons version 1.2.3, Piotnet Forms version 1.0.25, Frontend Admin by DynamiApps version 3.18.3 and WP Mail Log version 1.1.2. These vulnerabilities allow an attacker to perform arbitrary code injection, XSS, sensitive information disclosure, SQL injection, CSRF, deserialization of untrusted data, PHP object injection and unrestricted upload of malicious files.

| Vulnerability ID | Severity (Vendor) | Severity (NVD) | Solution link | Description |
|---|---|---|---|---|
| CVE-2023-47840 | 9.9 | 8.8 | https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve | |
| CVE-2023-46623 | 9.9 | 8.8 | https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve | |
| CVE-2023-45751 | 9.1 | 7.2 | https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve | |
| CVE-2023-40606 | 9.1 | 7.2 | https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve | |
| CVE-2023-32095 | 9.9 | 8.8 | https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve | |
| CVE-2023-25054 | 10.0 | 9.8 | https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability?_s_id=cve | |
| CVE-2023-22677 | 8.5 | 8.8 | https://patchstack.com/database/vulnerability/wp-booklet/wordpress-wp-booklet-plugin-2-1-8-remote-code-execution-rce?_s_id=cve | |
| CVE-2023-50901 | 7.1 | 6.1 | https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | |
| CVE-2023-51420 | 9.1 | 8.8 | https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve | |
| CVE-2023-49830 | 9.9 | 8.8 | https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve | |
| CVE-2022-44589 | 8.1 | 7.5 | https://patchstack.com/database/vulnerability/miniorange-2-factor-authentication/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve | |
| CVE-2023-50837 | 7.6 | 7.2 | https://patchstack.com/database/vulnerability/login-lockdown/wordpress-login-lockdown-protect-login-form-plugin-2-06-sql-injection-vulnerability?_s_id=cve | |
| CVE-2023-52135 | 7.6 | 7.2 | https://patchstack.com/database/vulnerability/ws-form/wordpress-ws-form-lite-drag-drop-contact-form-builder-for-wordpress-plugin-1-9-170-sql-injection-vulnerability?_s_id=cve | |
| CVE-2023-51373 | 7.1 | 6.1 | https://patchstack.com/database/vulnerability/google-picasa-albums-viewer/wordpress-google-photos-gallery-with-shortcodes-plugin-4-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | |
| CVE-2023-51545 | 9.6 | 8.8 | https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve | |
| CVE-2023-51505 | 10.0 | 9.8 | https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve | |
| CVE-2023-51470 | 9.9 | 8.8 | https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve | |
| CVE-2023-51422 | 9.9 | Unknown | https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve | |
| CVE-2023-51414 | 9.6 | Unknown | https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve | |
| CVE-2023-50893 | 7.1 | Unknown | https://patchstack.com/database/vulnerability/us-core/wordpress-upsolution-core-plugin-8-17-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | |
| CVE-2023-50892 | 7.1 | Unknown | https://patchstack.com/database/vulnerability/thegem/wordpress-thegem-theme-5-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | |
| CVE-2023-51475 | 10.0 | Unknown | https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51473 | 10.0 | Unknown | https://patchstack.com/database/vulnerability/terraclassifieds/wordpress-terraclassifieds-plugin-2-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51468 | 10.0 | Unknown | https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-10-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51421 | 9.9 | Unknown | https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51419 | 10.0 | Unknown | https://patchstack.com/database/vulnerability/bertha-ai-free/wordpress-bertha-ai-plugin-1-11-10-7-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51417 | 9.9 | Unknown | https://patchstack.com/database/vulnerability/jvm-rich-text-icons/wordpress-jvm-rich-text-icons-plugin-1-2-3-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51412 | 9.0 | Unknown | https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnetforms-plugin-1-0-25-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51411 | 10.0 | Unknown | https://patchstack.com/database/vulnerability/acf-frontend-form-element/wordpress-frontend-admin-by-dynamiapps-plugin-3-18-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | |
| CVE-2023-51410 | 9.9 | Unknown | https://patchstack.com/database/vulnerability/wp-mail-log/wordpress-wp-mail-log-plugin-1-1-2-arbitrary-file-upload-vulnerability?_s_id=cve | |

 

administrator
