Set of high- and critical-severity vulnerabilities in WordPress

A set of high- and critical-severity vulnerabilities has been identified in WordPress plugins, including Social Author Bio up to version 2.4, Change default login logo,url and title up to version 2.0, Broken Images up to version 0.2, Sync Post With Other Site up to version 1.5.1, Product Feed on WooCommerce for Google up to version 3.5.7, Advanced Page Visit Counter up to version 8.0.6, BA Book Everything up to version 1.6.4, Find Duplicates up to version 1.4.6, Realtyna Organic IDX plugin up to version 4.14.4, CBX Bookmark & Favorite up to version 1.7.20, Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook up to version 1.1.12, Disable Comments | WPZest up to version 1.51, BWL Advanced FAQ Manager up to version 2.0.3, User Activity Log Pro up to version 2.3.4, Podlove Podcast Publisher up to version 4.0.12 and Login with phone number up to version 1.6.93. These flaws allow an attacker to perform XSS, CSRF and SQL injection.

| Vulnerability ID | Severity | Remediation link (Vendor) | Remediation link (NVD) | Details |
|---|---|---|---|---|
| CVE-2024-30545 | 7.1 | Unknown | https://patchstack.com/database/vulnerability/social-autho-bio/wordpress-social-author-bio-plugin-2-4-stored-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | |
| CVE-2024-31086 | 7.1 | Unknown | https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cve | |
| CVE-2024-31093 | 7.1 | Unknown | https://patchstack.com/database/vulnerability/wp-broken-images/wordpress-broken-images-plugin-0-2-csrf-to-xss-vulnerability?_s_id=cve | |
| CVE-2024-32082 | 7.1 | Unknown | https://patchstack.com/database/vulnerability/sync-post-with-other-site/wordpress-sync-post-with-other-site-plugin-1-4-2-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve | |
| CVE-2024-32087 | 7.6 | Unknown | https://patchstack.com/database/vulnerability/purple-xmls-google-product-feed-for-woocommerce/wordpress-product-feed-on-woocommerce-for-google-awin-shareasale-bing-and-more-plugin-3-5-7-auth-sql-injection-sqli-vulnerability?_s_id=cve | |
| CVE-2024-32098 | 7.6 | Unknown | https://patchstack.com/database/vulnerability/advanced-page-visit-counter/wordpress-advanced-page-visit-counter-plugin-8-0-6-auth-sql-injection-sqli-vulnerability?_s_id=cve | |
| CVE-2024-32125 | 8.5 | Unknown | https://patchstack.com/database/vulnerability/ba-book-everything/wordpress-ba-book-everything-plugin-1-6-4-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32127 | 8.5 | Unknown | https://patchstack.com/database/vulnerability/find-duplicates/wordpress-find-duplicates-plugin-1-4-6-subscriber-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32128 | 9.3 | Unknown | https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-wpl-real-estate-plugin-4-14-4-unauthenticated-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32132 | 7.6 | Unknown | https://patchstack.com/database/vulnerability/cbxwpbookmark/wordpress-cbx-bookmark-favorite-plugin-1-7-20-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32134 | 7.6 | Unknown | https://patchstack.com/database/vulnerability/forms-to-zapier/wordpress-forms-to-zapier-plugin-1-1-12-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32135 | 7.6 | Unknown | https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32136 | 7.6 | Unknown | https://patchstack.com/database/vulnerability/bwl-advanced-faq-manager/wordpress-bwl-advanced-faq-manager-plugin-2-0-3-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32137 | 8.5 | Unknown | https://patchstack.com/database/vulnerability/user-activity-log-pro/wordpress-user-activity-log-pro-plugin-2-3-4-subscriber-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-32139 | 8.5 | Unknown | https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-0-12-sql-injection-vulnerability?_s_id=cve | |
| CVE-2024-31424 | 8.8 | Unknown | https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-6-93-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | |

administrator