A set of high- and critical-severity vulnerabilities in WordPress

A set of high- and critical-severity vulnerabilities has been identified in WordPress, affecting the plugins EnvíaloSimple: Email Marketing y Newsletters up to version 2.3, WP Activity Log Premium up to version 4.6.4, Hubbub Lite – Fast, Reliable Social Sharing Buttons up to version 1.33.1, Avada theme up to version 7.11.6, Appointment Booking Calendar — Simply Schedule Appointments Booking up to version 1.6.7.7, Simple Ajax Cha up to version 20240216, Network Summary up to version 2.0.11, Link Whisper Free up to version 0.7.1, MasterStudy LMS up to version 3.3.3, Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce up to version 2.6.3, Ultimate Video Player For WordPress before version 2.2.3, WordPress Ping Optimizer up to version 2.35.1.3.0, 5 Stars Rating Funnel up to version 1.2.26, Wholesale For WooCommerce up to version 2.3.0, SearchIQ up to version 4.5, User Activity Log up to version 1.8, Slideshow Gallery up to version 1.7.8, MP3 Audio Player for Music, Radio & Podcast by Sonaar up to version 4.10.1, ReDi Restaurant Reservation up to version 24.0128, up to version 3.1, and FunnelKit Checkout up to version 3.10.3. These vulnerabilities allow an attacker to perform CSRF and malicious file upload, SQL injection, deserialization of untrusted data and PHP object injection, Stored XSS, local file inclusion (LFI), log clearing via CSRF, arbitrary content deletion, sensitive information disclosure, arbitrary file download, and arbitrary file deletion.

Vulnerability ID | Severity | Link | Solution | Description
Vendor NVD
CVE-2024-2125 8.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/2b39abc8-9281-4d58-a9ec-877c5bae805a?source=cve
CVE-2024-2018 8.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/2f060ea1-01e2-4e5b-82ba-b5cdd0d8290a?source=cve
CVE-2024-2501 7.5 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/d3999c59-57a9-410c-a550-7d198bdb25ea?source=cve
CVE-2024-2344 7.2 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf0d2ca-2891-45d1-8ea2-90dd435b359f?source=cve
CVE-2024-2342 8.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c?source=cve
CVE-2024-2341 8.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/e4930b03-9142-464e-98ae-a910dfa46f2a?source=cve
CVE-2024-2957 7.2 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/f67b5cd8-bae8-48ca-87d5-7445724791f6?source=cve
CVE-2024-2804 9.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/3320c182-b1f9-4e06-92ea-0fa670557dd0?source=cve
CVE-2024-2693 8.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5dd7cd-f96a-48df-a553-be5e59d8290f?source=cve
CVE-2024-3136 9.8 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve
CVE-2024-3020 7.2 Unknown https://www.wordfence.com/threat-intel/vulnerabilities/id/d66df15e-1a0a-49e9-bcf9-67091499b24e?source=cve
CVE-2024-2428 Unknown https://wpscan.com/vulnerability/4832e223-4571-4b45-97db-2fd403797c49/
CVE-2023-6385 Unknown https://wpscan.com/vulnerability/362c56ff-85eb-480f-a825-9670d4c0e3d0/
CVE-2024-31358 7.5 Unknown https://patchstack.com/database/vulnerability/5-stars-rating-funnel/wordpress-5-stars-rating-funnel-plugin-1-2-67-arbitrary-content-deletion-vulnerability?_s_id=cve
CVE-2024-31297 7.5 Unknown https://patchstack.com/database/vulnerability/woocommerce-wholesale-pricing/wordpress-wholesale-for-woocommerce-plugin-2-3-1-unauthenticated-arbitrary-post-page-vulnerability?_s_id=cve
CVE-2024-31259 7.5 Unknown https://patchstack.com/database/vulnerability/searchiq/wordpress-searchiq-plugin-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
CVE-2024-31356 7.6 Unknown https://patchstack.com/database/vulnerability/user-activity-log/wordpress-user-activity-log-plugin-1-8-sql-injection-vulnerability?_s_id=cve
CVE-2024-31355 8.5 Unknown https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-sql-injection-vulnerability?_s_id=cve
CVE-2024-31343 7.5 Unknown https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-4-10-1-arbitrary-file-download-vulnerability?_s_id=cve
CVE-2024-31299 7.1 Unknown https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve
CVE-2024-31240 7.7 Unknown https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-1-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve
CVE-2023-51672 7.5 Unknown https://patchstack.com/database/vulnerability/woofunnels-aero-checkout/wordpress-funnelkit-checkout-plugin-3-10-3-unauthenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve

 

 

administrator