Between March 15 and April 14, 2021, 2 JVN entries covering 4 vulnerabilities were published.

  1. JVN#08191557
    2021/03/17
    WordPress plugin Paid Memberships Pro
    SQL injection vulnerability
    http://jvn.jp/jp/JVN08191557/
  2. JVN#64869876
    2021/03/26
    baserCMS
    Insufficient restriction of JavaScript input on the static page edit screen
    http://jvn.jp/jp/JVN64869876/
  3. JVN#64869876
    2021/03/26
    baserCMS
    OS command injection
    http://jvn.jp/jp/JVN64869876/
  4. JVN#64869876
    2021/03/26
    baserCMS
    Insufficient restriction of JavaScript input in the blog post editing function
    http://jvn.jp/jp/JVN64869876/

Incidentally, I also picked up WordPress information that has not been posted to JVN, so I am pasting it here. This covers March 2021.

WordPress Plugin Vulnerabilities

  • Woocommerce Customers Manager < 26.6 - Authenticated Reflected Cross-Site Scripting (XSS)
  • Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF
  • Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
  • Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)
  • Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)
  • Controlled Admin Access < 1.5.6 - Improper Access Control to Privilege Escalation
  • Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)
  • Easy Form Builder <= 1.0 - Unauthorised AJAX calls
  • AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
  • Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action
  • Patreon WordPress < 1.7.2 - Reflected XSS on Login Form
  • Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
  • Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta
  • Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
  • Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload
  • N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE
  • WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE
  • Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API
  • Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode
  • Vertical News Scroller < 1.17 - Authenticated Reflected Cross-Site Scripting (XSS)
  • Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain
  • Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion
  • All Thrive Themes and Plugins - Unauthenticated Option Update
  • MapifyLife <= 3.3.0 - Authenticated Stored Cross-Site Scripting (XSS)
  • SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban
  • Mapplic and Mapplic Lite - SSRF to Stored Cross-Site Scripting (XSS)
  • GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
  • Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation
  • WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
  • WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)
  • PhastPress < 1.111 - Open Redirect
  • WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)
  • WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts
  • Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
  • Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
  • Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
  • Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
  • Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
  • Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
  • BuddyPress < 7.2.1 - Invite Member to Join Group
  • BuddyPress < 7.2.1 - Manage BuddyPress Member Types
  • BuddyPress < 7.2.1 - Read Private Messages
  • BuddyPress < 7.2.1 - Force a Friendship
  • BuddyPress < 7.2.1 - REST API Privilege Escalation
  • Paid Membership Pro < 2.5.6 - Authenticated SQL Injection
  • wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
  • wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
  • wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
  • wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
  • Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS
  • SEO Redirection <= 6.3 - Authenticated Reflected Cross-Site Scripting (XSS)
  • WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
  • Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
  • Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
  • Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
  • Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
  • Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
  • Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
  • Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)
  • Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
  • VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
  • VM Backups <= 1.0 - CSRF to Database Backup Download
  • JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  • Five Star Restaurant Menu < 2.2.1 - Unauthenticated PHP Object Injection
  • Database Backups <= 1.2.2.6 - CSRF to Backup Download
  • SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections
  • The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
  • WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload
  • User Profile Picture < 2.5.0 - Sensitive Information Disclosure
  • Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
  • WP GDPR Compliance < 1.5.6 - Unauthenticated Stored Cross-Site Scripting (XSS)
  • Multiple Plugins - CSRF Nonce Bypasses

WordPress Theme Vulnerabilities

  • Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS
  • Business Directory <= 1.2.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
  • All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
  • All Thrive Themes and Plugins - Unauthenticated Option Update

That is quite a lot. I think it is necessary to check every day whether updates have arrived.
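As an added example (not part of the original post, and not code from WPScan or WordPress), the script below turns advisory titles in the "Product < version - Description" form used in the list above into version constraints and checks them against the output of `wp plugin list --format=json`. The plugin inventory is constructed sample data; the `name`/`version` field names, the name-to-slug mapping, and the handful of advisory titles copied from the list are assumptions for illustration. Titles without a single upper bound (version ranges such as "3.0.0-3.0.3", or "All Thrive Themes and Plugins") are deliberately not parsed and are reported for manual review instead of being silently treated as safe.

```python
import json
import re

# Advisory titles copied from the list above, in WPScan's
# "Product < version - Description" style.
ADVISORIES = [
    "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget",
    "WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)",
    "Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload",
    "PhastPress < 1.111 - Open Redirect",
    "BuddyPress < 7.2.1 - REST API Privilege Escalation",
    "Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion",
    "All Thrive Themes and Plugins - Unauthenticated Option Update",
]

# Constructed sample in the shape of `wp plugin list --format=json --fields=name,version`
# (assumed field names; not output captured from any real site).
WP_PLUGIN_LIST_JSON = json.dumps([
    {"name": "elementor", "version": "3.1.1"},
    {"name": "wp-super-cache", "version": "1.7.2"},
    {"name": "easy-form-builder", "version": "1.0"},
    {"name": "phastpress", "version": "1.9"},
    {"name": "buddypress", "version": "7.2.1"},
    {"name": "facebook-for-wordpress", "version": "3.0.2"},
])

# Matches titles with exactly one upper bound ("< X" or "<= X"). Version
# ranges and unversioned titles deliberately fail to match and are reported
# separately rather than being treated as "not affected".
TITLE_RE = re.compile(
    r"^(?P<product>.+?)\s+(?P<op><=|<)\s+(?P<version>\d+(?:\.\d+)*)\s+-\s+(?P<desc>.+)$"
)


def slugify(product):
    """Heuristic: advisory product name -> wordpress.org-style slug.
    Assumption: the slug is the lowercased name with non-alphanumerics
    collapsed to '-'. It misses where the real slug differs (e.g. a title
    saying 'Paid Membership Pro' vs. slug 'paid-memberships-pro'), so a
    miss means 'unknown', not 'safe'."""
    return re.sub(r"[^a-z0-9]+", "-", product.lower()).strip("-")


def version_key(v):
    """Numeric components only, so '1.9' < '1.111' (string compare gets this wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def version_lt(a, b):
    """True if version a < version b; shorter tuples are zero-padded so '1.0' == '1.0.0'."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    return ka + (0,) * (n - len(ka)) < kb + (0,) * (n - len(kb))


def parse_advisory(title):
    """Return the constraint in a title, or None when it has no single upper bound."""
    m = TITLE_RE.match(title)
    if not m:
        return None
    return {
        "product": m["product"],
        "slug": slugify(m["product"]),
        "op": m["op"],
        "bound": m["version"],
        "desc": m["desc"],
        "title": title,
    }


def is_affected(installed, op, bound):
    # "< X": X is the first fixed release.  "<= X": X itself is still vulnerable.
    if op == "<":
        return version_lt(installed, bound)
    return not version_lt(bound, installed)


def check_plugins(advisories, plugin_list_json):
    """Return (findings, needs_manual_review) for an installed-plugin inventory."""
    installed = {p["name"]: p["version"] for p in json.loads(plugin_list_json)}
    findings, manual = [], []
    for title in advisories:
        adv = parse_advisory(title)
        if adv is None:
            manual.append(title)
            continue
        ver = installed.get(adv["slug"])
        if ver is not None and is_affected(ver, adv["op"], adv["bound"]):
            findings.append({"plugin": adv["slug"], "installed": ver, "advisory": title})
    return findings, manual


if __name__ == "__main__":
    found, manual = check_plugins(ADVISORIES, WP_PLUGIN_LIST_JSON)
    for f in found:
        print(f"AFFECTED {f['plugin']} {f['installed']}: {f['advisory']}")
    for t in manual:
        print(f"MANUAL   {t}")
```

On the sample inventory this flags elementor 3.1.1, easy-form-builder 1.0 (the `<=` case) and phastpress 1.9 (which a naive string comparison would wrongly consider newer than 1.111), leaves wp-super-cache and buddypress alone because they already sit at the first fixed release, and pushes the two titles without a clean bound to manual review. To run it against a real site, replace `WP_PLUGIN_LIST_JSON` with the output of `wp plugin list --format=json --fields=name,version` and verify the slug mapping for each product name before trusting a "not installed" result.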

The previous month's information is here