CMSの脆弱性情報

2021年5月19日〜6月15日迄の間に7件7つの脆弱性が公表されています。

1. JVN#70566757
   2021/06/11
   WordPress
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN70566757/
   Welcart e-Commerce
2. JVN#79254445
   2021/06/15
   EC-CUBE
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN79254445/
   配送伝票番号プラグイン(3.0系)
3. JVN#79254445
   2021/06/15
   EC-CUBE
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN79254445/
   配送伝票番号csv一括登録プラグイン(3.0系)
4. JVN#79254445
   2021/06/15
   EC-CUBE
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN79254445/
   配送伝票番号メールプラグイン(3.0系)
5. JVN#57524494
   2021/06/15
   EC-CUBE
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN57524494/
   EC-CUBE3.0用プラグイン「帳票出力プラグイン」
6. JVN#57524494
   2021/06/15
   EC-CUBE
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN57524494/
   EC-CUBE3.0用プラグイン「メルマガ管理プラグイン」
7. JVN#57524494
   2021/06/15
   EC-CUBE
   クロスサイトスクリプティング
   http://jvn.jp/jp/JVN57524494/
   EC-CUBE3.0用プラグイン「カテゴリコンテンツプラグイン」

ちなみにWordPressに関してJVNに上がっていない情報も仕入れたので貼っておきます。こちらは2021年5月分になります。

WordPress Core Vulnerabilities

• WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer

WordPress Plugin Vulnerabilities

• FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
• Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection
• The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
• The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
• The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)
• NinjaFirewall < 4.3.4 - Authenticated (admin+) PHAR Deserialization
• Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection
• Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
• Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
• Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection
• Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
• Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
• Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value
• Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation
• Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import
• Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export
• Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)
• Gallery From Files <= 1.6.0 - Unauthenticated RCE
• Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment
• Cookie Law Bar <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS)
• SP Project & Document Manager <= 4.21 - Authenticated Shell Upload
• Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
• iFlyChat – WordPress Chat <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS)
• Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
• FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection
• WP Statistics < 13.0.8 - Unauthenticated SQL Injection
• WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)
• CM Registration Pro < 3.2.1 - PHP Object Injection
• Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS
• Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS
• Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID
• Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)
• WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
• External Media < 1.0.34 - Authenticated Arbitrary File Upload
• Weekly Schedule < 3.4.3 - Authenticated Stored XSS
• Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title
• LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout
• LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
• All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize
• ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)
• Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
• ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call
• Zlick Paywall < 2.2.2 - CSRF Bypasses
• Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)
• Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
• UltimateWoo <= 0.1.10 - PHP Object Injection
• DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
• Leads-5050 Visitor Insights < 1.0.4 - Unauthenticated License Change
• Leads-5050 Visitor Insights < 1.1.0 - Unauthorised License Change
• PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
• Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key
• Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)
• Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF
• Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF
• Simple Admin Language Change < 2.0.2 - Arbitrary User Locale Change
• Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
• WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)
• Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

WordPress Theme Vulnerabilities

• JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
• Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS
• Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)
• Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities
• Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities
• Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS
• Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
• Bello < 1.6.0 - Unauthenticated Blind SQL Injection
• Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

結構ありますね。日々、アップデートが来ていないかの確認は必要かと思います。

前回の情報はこちら。