We provide planning and proposals, development, construction, operation and advisory services for information systems in Sapporo City.

CMS Vulnerability Information


Between March 15 and April 14, 2021, two advisories covering four vulnerabilities were published.

  1. JVN#08191557 (2021/03/17): WordPress (Paid Memberships Pro), SQL injection vulnerability. http://jvn.jp/jp/JVN08191557/
  2. JVN#64869876 (2021/03/26): baserCMS, insufficient JavaScript input restriction in the fixed-page edit screen. http://jvn.jp/jp/JVN64869876/
  3. JVN#64869876 (2021/03/26): baserCMS, OS command injection. http://jvn.jp/jp/JVN64869876/
  4. JVN#64869876 (2021/03/26): baserCMS, insufficient JavaScript input restriction in the blog post editing feature. http://jvn.jp/jp/JVN64869876/

Incidentally, I also picked up some WordPress vulnerability information that has not been posted to JVN, so I am pasting it here. This covers March 2021.

WordPress Plugin Vulnerabilities

  • Woocommerce Customers Manager < 26.6 – Authenticated Reflected Cross-Site Scripting (XSS)
  • Woocommerce Customers Manager < 26.6 – Arbitrary Account Creation/Update via CSRF
  • Ivory Search < 4.6.1 – Reflected Cross Site Scripting (XSS)
  • Cooked Pro < 1.7.5.6 – Unauthenticated Reflected Cross Site Scripting (XSS)
  • Advanced Booking Calendar < 1.6.8 – Authenticated Reflected Cross-Site Scripting (XSS)
  • Controlled Admin Access < 1.5.6 – Improper Access Control to Privilege Escalation
  • Advanced Booking Calendar < 1.6.7 – Authenticated Reflected Cross-Site Scripting (XSS)
  • Easy Form Builder <= 1.0 – Unauthorised AJAX calls
  • AccessAlly < 3.5.7 – $_SERVER Superglobal Leakage
  • Patreon WordPress < 1.7.2 – Reflected XSS on patreon_save_attachment_patreon_level AJAX action
  • Patreon WordPress < 1.7.2 – Reflected XSS on Login Form
  • Patreon WordPress < 1.7.0 – CSRF to Disconnect Sites From Patreon
  • Patreon WordPress < 1.7.0 – CSRF to Overwrite/Create User Meta
  • Patreon WordPress < 1.7.0 – Unauthenticated Local File Disclosure
  • Easy Form Builder <= 1.0 – Authenticated Arbitrary File Upload
  • N5 Upload Form <= 1.0 – Unauthenticated Arbitrary File Upload to RCE
  • WP-Curricul Vitea Free <= 6.3 – Unauthenticated Arbitrary File Upload to RCE
  • Quiz And Survey Master < 7.1.14 – Authenticated SQL injection via Rest API
  • Quiz And Survey Master < 7.1.12 – Authenticated SQL injection via shortcode
  • Vertical News Scroller < 1.17 – Authenticated Reflected Cross-Site Scripting (XSS)
  • Facebook for WordPress < 3.0.0 – PHP Object Injection with POP Chain
  • Facebook for WordPress 3.0.0-3.0.3 – CSRF to Stored XSS and Settings Deletion
  • All Thrive Themes and Plugins – Unauthenticated Option Update
  • MapifyLife <= 3.3.0 – Authenticated Stored Cross-Site Scripting (XSS)
  • SecuPress < 2.0 – Unauthenticated Arbitrary IP Ban
  • Mapplic and Mapplic Lite – SSRF to Stored Cross-Site Scripting (XSS)
  • GiveWP < 2.10.0 – Reflected Cross Site Scripting (XSS)
  • Controlled Admin Access < 1.5.2 – Improper Access Control & Privilege Escalation
  • WooCommerce Help Scout < 2.9.1 – Unauthenticated Arbitrary File Upload leading to RCE
  • WordPress Related Posts <= 3.6.4 – Authenticated Stored Cross-Site Scripting (XSS)
  • PhastPress < 1.111 – Open Redirect
  • WP Page Builder < 1.2.4 – Multiple Stored Cross-Site scripting (XSS)
  • WP Page Builder < 1.2.4 – Insecure default configuration Allows Subscribers Editing Access to Posts
  • Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
  • Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
  • Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
  • Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
  • Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
  • Elementor < 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Column Element
  • BuddyPress < 7.2.1 – Invite Member to Join Group
  • BuddyPress < 7.2.1 – Manage BuddyPress Member Types
  • BuddyPress < 7.2.1 – Read Private Messages
  • BuddyPress < 7.2.1 – Force a Friendship
  • BuddyPress < 7.2.1 – REST API Privilege Escalation
  • Paid Membership Pro < 2.5.6 – Authenticated SQL Injection
  • wpDataTables < 3.4.2 – Blind SQL Injection via length Parameter
  • wpDataTables < 3.4.2 – Blind SQL Injection via start Parameter
  • wpDataTables < 3.4.2 – Improper Access Control leading to Table Data Deletion
  • wpDataTables < 3.4.2 – Improper Access Control leading to Table Permission Takeover
  • Flo Forms < 1.0.36 – Authenticated Options Change to Stored XSS
  • SEO Redirection <= 6.3 – Authenticated Reflected Cross-Site Scripting (XSS)
  • WP Super Cache < 1.7.2 – Authenticated Remote Code Execution (RCE)
  • Tutor LMS < 1.8.3 – SQL Injection via tutor_answering_quiz_question/get_answer_by_id
  • Tutor LMS < 1.7.7 – SQL Injection via tutor_place_rating
  • Tutor LMS < 1.7.7 – Unprotected AJAX including Privilege Escalation
  • Tutor LMS < 1.8.3 – SQL Injection via tutor_quiz_builder_get_question_form
  • Tutor LMS < 1.8.3 – SQL Injection via tutor_quiz_builder_get_answers_by_question
  • Tutor LMS < 1.7.7 – SQL Injection via tutor_mark_answer_as_correct
  • Related Posts for WordPress < 2.0.4 – Authenticated Reflected Cross-Site Scripting (XSS)
  • Social Slider Widget < 1.8.5 – Authenticated Reflected Cross-Site Scripting (XSS)
  • VM Backups <= 1.0 – CSRF to Stored Cross-Site Scripting (XSS)
  • VM Backups <= 1.0 – CSRF to Database Backup Download
  • JH 404 Logger <= 1.1 – Unauthenticated Stored Cross-Site Scripting (XSS)
  • Five Star Restaurant Menu < 2.2.1 – Unauthenticated PHP Object Injection
  • Database Backups <= 1.2.2.6 – CSRF to Backup Download
  • SuperStoreFinder & SuperInteractiveMaps – Unauthenticated SQL Injections
  • The Plus Addons for Elementor Page Builder < 4.1.7 – Authentication Bypass
  • WooCommerce Upload Files < 59.4 – Unauthenticated Arbitrary File Upload
  • User Profile Picture < 2.5.0 – Sensitive Information Disclosure
  • Advanced Order Export For WooCommerce < 3.1.8 – Reflected Cross-Site Scripting (XSS)
  • WP GDPR Compliance < 1.5.6 – Unauthenticated Stored Cross-Site Scripting (XSS)
  • Multiple Plugins – CSRF Nonce Bypasses

WordPress Theme Vulnerabilities

  • Goto – Tour & Travel < 2.0 – Unauthenticated Reflected XSS
  • Business Directory <= 1.2.0 – Unauthenticated Reflected Cross-Site Scripting (XSS)
  • All Thrive Themes Legacy Themes < 2.0.0 – Unauthenticated Arbitrary File Upload and Option Deletion
  • All Thrive Themes and Plugins – Unauthenticated Option Update

That is quite a lot. I think it is necessary to check every day whether updates have been released.
