We provide planning, proposals, development, construction, operation, and advisory services for information systems in the city of Sapporo.

CMS Vulnerability Information

No vulnerabilities were published between December 25, 2020 and January 19, 2021.

Incidentally, we also obtained WordPress-related information that has not been posted on JVN, so we are including it here. This covers December 2020.

WordPress Plugin Vulnerabilities

  • Site Offline < 1.4.4 – Multiple Cross-Site Request Forgery
  • Newsletter Manager <= 1.5.1 – Unauthenticated Insecure Deserialisation
  • LiteSpeed Cache < 3.6.1 – Authenticated Stored Cross-Site Scripting
  • WP Postratings < 1.86.1 – Authenticated Stored Cross-Site Scripting
  • Envira Gallery Lite < 1.8.3.3 – Authenticated Stored Cross-Site Scripting
  • Simple Social Buttons < 3.2.1 – Unauthenticated Reflected Cross-Site Scripting
  • Simple Social Buttons < 3.2.0 – Reflected Cross-Site Scripting
  • Contact Form 7 < 5.3.2 – Unrestricted File Upload
  • Redux Framework 4.1.22 – 4.1.23 – CSRF Nonce Validation Bypass
  • Redux Framework < 4.1.21 – CSRF Nonce Validation Bypass
  • Limit Login Attempts Reloaded < 2.17.4 – Login Rate Limiting Bypass
  • Limit Login Attempts Reloaded < 2.16.0 – Authenticated Reflected Cross-Site Scripting
  • Total Upkeep by BoldGrid < 1.14.10 – Unauthenticated Backup Download
  • Total Upkeep by BoldGrid < 1.14.10 – Sensitive Data Disclosure (Server IP Address, UID etc)
  • Directories Pro < 1.3.46 – Authenticated Self-Reflected Cross-Site Scripting
  • Directories Pro < 1.3.46 – Authenticated Reflected Cross-Site Scripting
  • Ultimate Category Excluder < 1.2 – Cross-Site Request Forgery
  • Pagelayer < 1.3.5 – Multiple Reflected Cross-Site Scripting (XSS)
  • DiveBook <= 1.1.4 – Unauthenticated SQL Injection
  • DiveBook <= 1.1.4 – Unauthenticated Reflected XSS
  • DiveBook <= 1.1.4 – Improper Authorisation Check
  • Easy WP SMTP < 1.4.3 – Debug Log Disclosure
  • Themify Portfolio Post < 1.1.6 – Authenticated Stored Cross-Site Scripting
  • Profile Builder & Profile Builder Pro < 3.3.3 – Authenticated Blind SQL Injection

WordPress Theme Vulnerabilities

  • ListingPro < 2.6.1 – Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc)
  • ListingPro < 2.6.1 – Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation

As usual, there are quite a few. Note that this list is the same information used by the checks in "WPScan", which was introduced in the top article of this month's newsletter.

The previous report is here
