A set of high- and critical-severity vulnerabilities in WordPress

A set of high- and critical-severity vulnerabilities has been identified in WordPress plugins. Because of improper neutralization of input and deserialization of untrusted data, they allow an attacker to perform SQL injection and XSS. The affected plugins are: Undsgn Uncode – Creative & WooCommerce up to version 2.8.6; GiveWP GiveWP – Donation and Fundraising Platform up to version 2.25.3; WooCommerce Product Add-Ons up to version 6.1.3; FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits version 2.14.3; FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit up to version 22.6.1; Aaron J 404 up to version 2.34.0; E2Pdf – Export To Pdf Tool up to version 1.20.23; N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking up to version 1.6.6.1; StylemixThemes Booking Calendar | Appointment Booking | BookIt up to version 2.4.3; Nasirahmed Advanced Form Integration Connect WooCommerce, Contact Form 7 and Google Sheets up to version 1.75.0; Squirrly Squirrly SEO – Advanced Pack up to version 2.3.8; Sam Perrow Pre* Party Resource Hints up to version 1.8.18; Basix NEX-Forms – Ultimate Form Builder – Contact forms up to version 8.5.5; JS Help Desk JS Help Desk – Best Help Desk & Support up to version 2.8.1; wpdevelop, oplugins Booking Manager up to version 2.1.5; BookingPress – Appointment Booking Calendar and Online Scheduling up to version 1.0.79; Matthew Fries MF Gig Calendar up to version 1.2.1; Clockwork Clockwork SMS Notfications up to version 3.0.4; James Ward Mail logging – WP Mail Catcher up to version 2.1.3; GeoDirectory – WordPress Business Directory up to version 2.3.28; RegistrationMagic Custom Registration Forms, User Registration, Payment and User Login up to version 5.2.4.5; and Collne Inc. Welcart e-Commerce up to version 2.9.3.

Vulnerability ID   Severity   Solution link   Description
Vendor NVD
CVE-2023-51501   Unknown https://patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve 7.1
CVE-2023-32513   Unknown https://patchstack.com/database/vulnerability/give/wordpress-give-donation-plugin-plugin-2-25-3-php-object-injection-vulnerability?_s_id=cve 7.1
CVE-2023-32795   Unknown https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve 8.2
CVE-2023-50856   Unknown https://patchstack.com/database/vulnerability/funnel-builder/wordpress-funnel-builder-for-wordpress-by-funnelkit-plugin-2-14-3-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50857   Unknown https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-automation-by-funnelkit-plugin-2-6-1-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50848   Unknown https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50849   Unknown https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50851   Unknown https://patchstack.com/database/vulnerability/simply-schedule-appointments/wordpress-simply-schedule-appointments-booking-plugin-1-6-6-1-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50852   Unknown https://patchstack.com/database/vulnerability/bookit/wordpress-bookit-plugin-2-4-3-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50853   Unknown https://patchstack.com/database/vulnerability/advanced-form-integration/wordpress-advanced-form-integration-plugin-1-75-0-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50854   Unknown https://patchstack.com/database/vulnerability/squirrly-seo-pack/wordpress-squirrly-seo-advanced-pack-plugin-2-3-8-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50855   Unknown https://patchstack.com/database/vulnerability/pre-party-browser-hints/wordpress-pre-party-resource-hints-plugin-1-8-18-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50838   Unknown https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-ultimate-form-builder-8-5-5-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50839   Unknown https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-8-1-unauthenticated-sql-injection-vulnerability?_s_id=cve 9.3
CVE-2023-50840   Unknown https://patchstack.com/database/vulnerability/booking-manager/wordpress-booking-manager-plugin-2-1-5-sql-injection-vulnerability?_s_id=cve 8.5
CVE-2023-50841   Unknown https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-72-sql-injection-vulnerability?_s_id=cve 8.5
CVE-2023-50842   Unknown https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve 8.5
CVE-2023-50844   Unknown https://patchstack.com/database/vulnerability/wp-mail-catcher/wordpress-wp-mail-catcher-plugin-2-1-3-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50845   Unknown https://patchstack.com/database/vulnerability/geodirectory/wordpress-geodirectory-plugin-2-3-28-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50846   Unknown https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-4-5-sql-injection-vulnerability?_s_id=cve 7.6
CVE-2023-50847   Unknown https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve 7.6

 

 

administrator
