We provide planning and proposal, development, construction, operation and advisory services for information systems in Sapporo.

CMS Vulnerability Information


Between April 15 and May 18, 2021, three advisories covering four vulnerabilities were published.

  1. JVN#35240327 (2021/04/27) - WordPress: directory traversal (WP Fastest Cache)
     http://jvn.jp/jp/JVN35240327/
  2. JVN#97554111 (2021/05/10) - EC-CUBE: cross-site scripting
     http://jvn.jp/jp/JVN97554111/
  3. JVN#34232719 (2021/05/13) - KonaWiki2: SQL injection
     http://jvn.jp/jp/JVN34232719/
  4. JVN#34232719 (2021/05/13) - KonaWiki2: arbitrary file upload
     http://jvn.jp/jp/JVN34232719/

Incidentally, I also picked up some WordPress vulnerability information that has not been posted on JVN, so I am listing it here. This covers April 2021.

WordPress Core Vulnerabilities

  • WordPress 5.6-5.7 – Authenticated XXE Within the Media Library Affecting PHP 8
  • WordPress 4.7-5.7 – Authenticated Password Protected Pages Exposure

WordPress Plugin Vulnerabilities

  • Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE
  • Download Manager < 3.1.22 - Plugin Settings Change via CSRF
  • Download Manager < 3.1.23 - Unauthorised Asset Manager Usage
  • Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
  • AcyMailing < 7.5.0 - Unauthenticated Open Redirect
  • WPGraphQL <= 1.3.5 - Denial of Service
  • WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal
  • Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
  • Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
  • Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)
  • Car Seller – Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
  • Software License Manager < 4.4.6 - CSRF to Stored XSS
  • Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
  • Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
  • Multiple WP-Buy Plugins – Arbitrary Plugin Installation/Activation via Low Privilege User
  • Multiple WP-Buy Plugins – Arbitrary Plugin Installation/Activation via CSRF
  • Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
  • iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass
  • RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)
  • Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)
  • Kaswara Modern VC Addons (0-day) – Unauthenticated Arbitrary File Upload
  • Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions
  • Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion
  • Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
  • Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation
  • Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
  • Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
  • Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
  • Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
  • Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
  • WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication
  • 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
  • 404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)
  • All 404 Redirect to Homepage < 1.21 - Reflected Cross-Site Scripting (XSS)
  • SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
  • Edwiser Bridge < 2.0.7 - CSRF Nonce Bypass
  • Outdated php-mod/curl Library – Unauthenticated Reflected Cross-Site Scripting (XSS)
  • Easy Digital Downloads < 2.10.3 - Unauthorised Stripe Disconnect via CSRF
  • Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS
  • User Rights Access Manager < 1.0.4 - Improper Access Controls
  • Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
  • BuddyPress < 7.3.0 - Multiple Authenticated REST API Vulnerabilities
  • Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS
  • DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS
  • Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS
  • JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS
  • All-in-One Addons for Elementor – WidgetKit < 2.3.10 - Contributor+ Stored XSS
  • The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS
  • Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
  • Image Hover Effects – Elementor Addon < 1.3.4 - Contributor+ Stored XSS
  • PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS
  • WooLentor – WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS
  • HT Mega – Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
  • Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS
  • Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS
  • ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS
  • Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
  • Elementor – Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS
  • Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)
  • Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update
  • Business Directory Plugin < 5.11.2 - Arbitrary Listing Export
  • Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
  • College Publisher Import <= 0.1 - Arbitrary File Upload to RCE
  • Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE
  • Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
  • Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
  • Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
  • Event Banner <= 1.3 - Arbitrary File Upload to RCE
  • Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
  • Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)
  • WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
  • Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
  • Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
  • OpenID Connect Generic Client 3.8.0-3.8.1 – Reflected Cross Site Scripting (XSS) via Login Error
  • WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update
  • Simple Membership < 4.0.4 - Authenticated SQL Injections
  • Tutor LMS < 1.8.8 - Authenticated Local File Inclusion
  • WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
  • Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
  • Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE
  • Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

WordPress Theme Vulnerabilities

  • Goto < 2.1 - Unauthenticated Blind SQL Injection
  • WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS

That is quite a lot. I think it is necessary to check every day whether updates have been released.
