Between March 15 and April 14, 2021, two advisories covering four vulnerabilities were published.
- JVN#08191557, 2021/03/17, WordPress (Paid Memberships Pro plugin): SQL injection vulnerability
  http://jvn.jp/jp/JVN08191557/
- JVN#64869876, 2021/03/26, baserCMS: Improper restriction of JavaScript input in the static page editing screen
  http://jvn.jp/jp/JVN64869876/
- JVN#64869876, 2021/03/26, baserCMS: OS command injection
  http://jvn.jp/jp/JVN64869876/
- JVN#64869876, 2021/03/26, baserCMS: Improper restriction of JavaScript input in the blog post editing feature
  http://jvn.jp/jp/JVN64869876/
Incidentally, I also picked up some WordPress information that has not been posted to JVN, so I am including it here. This covers March 2021.
WordPress Plugin Vulnerabilities
- Woocommerce Customers Manager < 26.6 - Authenticated Reflected Cross-Site Scripting (XSS)
- Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF
- Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
- Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)
- Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)
- Controlled Admin Access < 1.5.6 - Improper Access Control to Privilege Escalation
- Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)
- Easy Form Builder <= 1.0 - Unauthorised AJAX calls
- AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
- Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action
- Patreon WordPress < 1.7.2 - Reflected XSS on Login Form
- Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
- Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta
- Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
- Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload
- N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE
- WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE
- Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API
- Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode
- Vertical News Scroller < 1.17 - Authenticated Reflected Cross-Site Scripting (XSS)
- Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain
- Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion
- All Thrive Themes and Plugins - Unauthenticated Option Update
- MapifyLife <= 3.3.0 - Authenticated Stored Cross-Site Scripting (XSS)
- SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban
- Mapplic and Mapplic Lite - SSRF to Stored Cross-Site Scripting (XSS)
- GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
- Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation
- WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
- WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)
- PhastPress < 1.111 - Open Redirect
- WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)
- WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts
- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
- BuddyPress < 7.2.1 - Invite Member to Join Group
- BuddyPress < 7.2.1 - Manage BuddyPress Member Types
- BuddyPress < 7.2.1 - Read Private Messages
- BuddyPress < 7.2.1 - Force a Friendship
- BuddyPress < 7.2.1 - REST API Privilege Escalation
- Paid Membership Pro < 2.5.6 - Authenticated SQL Injection
- wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
- wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
- wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
- wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
- Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS
- SEO Redirection <= 6.3 - Authenticated Reflected Cross-Site Scripting (XSS)
- WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
- Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
- Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
- Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
- Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
- Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
- Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
- Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)
- Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
- VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
- VM Backups <= 1.0 - CSRF to Database Backup Download
- JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Five Star Restaurant Menu < 2.2.1 - Unauthenticated PHP Object Injection
- Database Backups <= 1.2.2.6 - CSRF to Backup Download
- SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections
- The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
- WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload
- User Profile Picture < 2.5.0 - Sensitive Information Disclosure
- Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
- WP GDPR Compliance < 1.5.6 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Multiple Plugins - CSRF Nonce Bypasses
WordPress Theme Vulnerabilities
- Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS
- Business Directory <= 1.2.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
- All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
- All Thrive Themes and Plugins - Unauthenticated Option Update
That is quite a lot. I think it is necessary to check every day whether updates have been released.
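As an added example that is not part of the original post: a small Python script that takes advisory lines in the "Plugin < version - Description" shape used in the lists above, parses the version constraint (`< x`, `<= x`, a `lo-hi` range, or none at all), and checks each one against an installed-plugin inventory. Both the advisory lines and the inventory embedded here are constructed samples; on a real site the inventory would come from WP-CLI's `wp plugin list --format=json` (which reports slugs rather than the display names used in the list, so a name mapping is assumed). Entries with no version bound, such as "All Thrive Themes and Plugins", are reported for manual checking rather than silently treated as safe.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in the same shape as the list above (not the full list).
SAMPLE_ADVISORIES = [
    "- Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget",
    "- Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion",
    "- Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload",
    "- WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)",
    "- Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS",
    "- All Thrive Themes and Plugins - Unauthenticated Option Update",
]

# Constructed inventory for a hypothetical site, keyed by the display name used in the
# advisories. In practice build this from `wp plugin list --format=json` plus a slug->name map.
SAMPLE_INVENTORY = {
    "Elementor": "3.1.1",
    "Facebook for WordPress": "3.0.2",
    "Easy Form Builder": "1.0",
    "WP Super Cache": "1.7.2",
    "Goto - Tour & Travel": "1.9",
}


@dataclass
class Advisory:
    name: str
    op: Optional[str]   # "<", "<=", "range", or None when the line carries no version bound
    lo: Optional[str]   # the bound for "<"/"<=", or the lower end of a range
    hi: Optional[str]   # upper end of a range, else None
    desc: str


# Lazy name followed by an optional "< 1.2.3" / "<= 1.2" or "3.0.0-3.0.3" tail.
_CONSTRAINT = re.compile(
    r"^(?P<name>.+?)\s*(?:(?P<op><=|<)\s*(?P<ver>\d[\d.]*)|(?P<lo>\d[\d.]*)-(?P<hi>\d[\d.]*))?$"
)


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.7.2' -> (1, 7, 2); trailing zeros are dropped so '1.7' compares equal to '1.7.0'."""
    parts = [int(p) if p.isdigit() else 0 for p in v.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_advisory(line: str) -> Advisory:
    """Split on the LAST ' - ' so names that themselves contain ' - ' survive."""
    body = line.strip().lstrip("-").strip()
    head, sep, desc = body.rpartition(" - ")
    if not sep:                       # no description part at all
        head, desc = body, ""
    m = _CONSTRAINT.match(head.strip())
    if m.group("op"):
        return Advisory(m.group("name"), m.group("op"), m.group("ver"), None, desc)
    if m.group("lo"):
        return Advisory(m.group("name"), "range", m.group("lo"), m.group("hi"), desc)
    return Advisory(m.group("name"), None, None, None, desc)


def is_affected(installed: str, adv: Advisory) -> Optional[bool]:
    """True/False when the advisory has a version bound; None when it must be checked by hand."""
    v = parse_version(installed)
    if adv.op == "<":
        return v < parse_version(adv.lo)
    if adv.op == "<=":
        return v <= parse_version(adv.lo)
    if adv.op == "range":
        return parse_version(adv.lo) <= v <= parse_version(adv.hi)
    return None


def audit(inventory: Dict[str, str], advisory_lines: List[str]) -> List[Tuple[str, str, Optional[bool], str]]:
    """(plugin, installed version, verdict, description) for each advisory naming an installed plugin."""
    by_name = {k.lower(): (k, v) for k, v in inventory.items()}
    findings = []
    for line in advisory_lines:
        adv = parse_advisory(line)
        hit = by_name.get(adv.name.lower())
        if hit is None:
            continue
        name, installed = hit
        findings.append((name, installed, is_affected(installed, adv), adv.desc))
    return findings


if __name__ == "__main__":
    for name, ver, verdict, desc in audit(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        label = {True: "VULNERABLE", False: "ok", None: "CHECK MANUALLY"}[verdict]
        print(f"{label:15} {name} {ver}: {desc}")
```

Note that "WP Super Cache 1.7.2" is reported as ok only because the advisory bound is strictly `< 1.7.2`; a `<=` bound would have flagged it, which is why the comparison operator is kept rather than collapsed into a single "fixed in" version.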
The previous report is here.