Between April 15 and May 18, 2021, four vulnerabilities across three advisories were published.
- JVN#35240327 (2021/04/27): WordPress, WP Fastest Cache plugin, directory traversal, http://jvn.jp/jp/JVN35240327/
- JVN#97554111 (2021/05/10): EC-CUBE, cross-site scripting, http://jvn.jp/jp/JVN97554111/
- JVN#34232719 (2021/05/13): KonaWiki2, SQL injection, http://jvn.jp/jp/JVN34232719/
- JVN#34232719 (2021/05/13): KonaWiki2, arbitrary file upload, http://jvn.jp/jp/JVN34232719/
Incidentally, I also picked up some WordPress information that has not been posted to JVN, so I am pasting it here as well. This covers April 2021.
WordPress Core Vulnerabilities
- WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8
- WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
WordPress Plugin Vulnerabilities
- Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE
- Download Manager < 3.1.22 - Plugin Settings Change via CSRF
- Download Manager < 3.1.23 - Unauthorised Asset Manager Usage
- Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
- AcyMailing < 7.5.0 - Unauthenticated Open Redirect
- WPGraphQL <= 1.3.5 - Denial of Service
- WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal
- Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
- Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
- Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
- Software License Manager < 4.4.6 - CSRF to Stored XSS
- Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
- Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
- Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User
- Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF
- Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
- iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass
- RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)
- Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)
- Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload
- Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions
- Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion
- Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
- Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation
- Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
- Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
- Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site Scripting (XSS)
- Popup by Supsystic < 1.10.5 - Reflected Cross-Site Scripting (XSS)
- Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site Scripting (XSS)
- WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication
- 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
- 404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)
- All 404 Redirect to Homepage < 1.21 - Reflected Cross-Site Scripting (XSS)
- SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
- Edwiser Bridge < 2.0.7 - CSRF Nonce Bypass
- Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)
- Easy Digital Downloads < 2.10.3 - Unauthorised Stripe Disconnect via CSRF
- Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS
- User Rights Access Manager < 1.0.4 - Improper Access Controls
- Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
- BuddyPress < 7.3.0 - Multiple Authenticated REST API Vulnerabilities
- Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS
- DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS
- Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS
- JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS
- All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS
- The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS
- Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
- Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS
- PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS
- WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS
- HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
- Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS
- Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS
- ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS
- Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
- Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS
- Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)
- Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update
- Business Directory Plugin < 5.11.2 - Arbitrary Listing Export
- Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
- College Publisher Import <= 0.1 - Arbitrary File Upload to RCE
- Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE
- Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
- Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
- Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
- Event Banner <= 1.3 - Arbitrary File Upload to RCE
- Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
- Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)
- WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
- Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
- Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
- OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
- WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update
- Simple Membership < 4.0.4 - Authenticated SQL Injections
- Tutor LMS < 1.8.8 - Authenticated Local File Inclusion
- WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
- Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
- Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE
- Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
WordPress Theme Vulnerabilities
- Goto < 2.1 - Unauthenticated Blind SQL Injection
- WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
That is quite a lot. I think it is necessary to check every day whether updates have been released.
The previous round of information is here.