SK-CERT Security Warning V20250319-02

Severity: Critical
Classification: Unclassified/TLP:CLEAR
CVSS Score: 9.8
Identifier
WordPress content management system plugins – multiple critical security vulnerabilities
Description
Developers of plugins for the WordPress content management system have released security updates for their products that fix multiple security vulnerabilities, several of which are rated critical.
The most serious vulnerability, CVE-2025-1771, is located in the WordPress Traveler plugin. It stems from an insufficient implementation of security mechanisms and allows a remote, unauthenticated attacker, by sending specially crafted files, to execute malicious code, gain unauthorized access to sensitive data, make unauthorized changes to the system and cause a denial of service.
Exploitation of the remaining vulnerabilities can lead to unauthorized access to sensitive data, unauthorized changes to the system, denial of service, full control over the system, privilege escalation and execution of malicious code.
Exploitation of some of the vulnerabilities requires user interaction.
Date of first publication of the warning
17.3.2025
CVE
CVE-2025-1771, CVE-2024-11286, CVE-2025-1661, CVE-2025-0177, CVE-2024-13824, CVE-2024-13771, CVE-2024-11285, CVE-2024-11284, CVE-2025-1515, CVE-2024-12281, CVE-2025-0912, CVE-2025-1307, CVE-2024-8425, CVE-2024-9193, CVE-2024-13446, CVE-2025-2232, CVE-2024-11951, CVE-2025-1475, CVE-2024-12876, CVE-2025-1315, CVE-2025-1564, CVE-2025-1638, CVE-2025-1671, CVE-2024-12824, CVE-2025-1323, CVE-2025-0956, CVE-2025-1702, CVE-2024-11284, CVE-2025-28915, CVE-2025-26535, CVE-2025-22526, CVE-2025-2221, CVE-2025-2107, CVE-2024-13321, CVE-2024-8420, CVE-2024-13631, CVE-2024-13630, CVE-2025-1295, CVE-2025-1572, CVE-2024-2297, CVE-2025-1717, CVE-2025-1282, CVE-2025-1319, CVE-2024-13831, CVE-2024-12811, CVE-2025-1687, CVE-2025-1682, CVE-2025-1513, CVE-2025-1570, CVE-2024-13568, CVE-2024-9195, CVE-2024-13471, CVE-2024-13232, CVE-2024-13611, CVE-2025-1511, CVE-2024-13833, CVE-2024-13911, CVE-2024-12544, CVE-2024-12035, CVE-2024-12036, CVE-2024-9658, CVE-2024-13910, CVE-2024-13373, CVE-2025-2077, CVE-2024-13773, CVE-2024-12810, CVE-2025-0952, CVE-2025-1707, CVE-2025-1119, CVE-2025-1561, CVE-2025-2250, CVE-2024-10942, CVE-2024-13891, CVE-2024-13376, CVE-2024-13913, CVE-2025-2103, CVE-2025-2166, CVE-2025-26890, CVE-2024-13497, CVE-2025-2164, CVE-2025-2163, CVE-2025-1670, CVE-2025-1667, CVE-2025-2325, CVE-2025-22623, CVE-2025-1773, CVE-2024-54291, CVE-2024-12634, CVE-2024-13825, CVE-2025-24654, CVE-2025-1306, CVE-2024-13862, CVE-2024-13853, CVE-2024-13836, CVE-2025-1639, CVE-2025-28933, CVE-2025-28932, CVE-2025-28931, CVE-2025-28925, CVE-2025-28923, CVE-2024-13877, CVE-2024-13878, CVE-2024-13875, CVE-2025-1286, CVE-2025-1321, CVE-2024-13881, CVE-2024-13876, CVE-2024-13880, CVE-2025-2106, CVE-2025-22624, CVE-2025-0767, CVE-2024-13777, CVE-2024-13885, CVE-2025-1486, CVE-2025-1436, CVE-2025-1401, CVE-2025-1798, CVE-2024-11283, CVE-2025-2056, CVE-2024-13787, CVE-2024-13747, CVE-2024-13809, CVE-2025-1764, CVE-2025-0749, CVE-2025-1768, CVE-2024-10804, CVE-2025-0959, CVE-2024-13906, CVE-2024-13908, CVE-2024-13890, CVE-2024-13835, CVE-2024-11087, CVE-2024-13882, CVE-2024-13774, CVE-2024-11640, CVE-2024-13359, CVE-2025-2169, CVE-2024-13436, CVE-2025-1653, CVE-2025-1657, CVE-2024-11638, CVE-2025-1382, CVE-2024-13574, CVE-2025-28922
IOC
Affected systems
Academist Membership in versions older than 1.2
Ad Inserter in versions older than 2.8.1
Aiomatic – AI Content Writer, Editor, ChatBot & AI Toolkit in versions older than 2.3.9
Album Gallery in versions older than 1.6.4
All in One WP Migration in versions older than 7.90
Alloggio Membership in versions older than 1.2
Allow PHP Execute, all versions (support discontinued)
AnalyticsWP in versions older than 2.1.0
Animation Addons for Elementor Pro in versions older than 1.7
AppPresser in versions older than 4.4.11
Appsero Helper in versions older than 1.3.3
Arielbrailovsky-Viralad in versions up to and including 1.0.8
Better Messages in versions older than 2.7.0
Bitcoin / AltCoin Payment Gateway for WooCommerce, all versions (support discontinued)
Bricks in versions older than 1.9.7
Car Dealer Automotive in versions older than 1.6.4
Cardealer in versions older than 1.6.5
Civi Theme in versions up to and including 2.1.4
CiyaShop in versions older than 4.19.1
CM WordPress FAQ Plugin in versions older than 1.2.6
Contact Us By Lord Linus, all versions (support discontinued)
CS Framework in versions up to and including 7.1
Database Backup in versions older than 2.37
Design Comuni Italia in versions older than 1.1.2
DesignThemes Core Features in versions up to and including 4.7
DHVC Form in versions older than 2.4.8
Directorist in versions older than 8.2
Directory Listings WordPress plugin in versions up to and including 2.1.7
Download HTML TinyMCE Button, all versions (support discontinued)
Eco Nature in versions older than 2.1.0
Email Keep in versions up to and including 1.1
Eventer in versions older than 3.9.9.3
Exertio Framework in versions older than 1.3.2
Fluent Support in versions older than 1.8.6
FooGallery in versions older than 2.4.30
Gallery in versions older than 4.7.4
GiveWP in versions older than 3.20.0
Go To Top in versions up to and including 0.0.8
Golo in versions older than 1.6.11
Gtbabel in versions older than 6.6.9
Hashtags in versions up to and including 0.3.2
Hero Slider in versions up to and including 1.3.5
Homey Login Register in versions up to and including 2.4.0
Homey in versions older than 2.4.4
HUSKY in versions older than 1.3.6.6
Industrial in versions older than 1.7.9
Insert Code in versions up to and including 2.4
InstaWP Connect in versions older than 0.1.0.84
InWave Jobs in versions up to and including 3.5.1
Javo Core in versions older than 3.0.0.266
JobCareer in versions up to and including 7.1
KiviCare in versions older than 3.6.8
Limit Bio in versions up to and including 1.0
Link My Posts, all versions (support discontinued)
Login Me Now in versions up to and including 1.7.2
LoginPress in versions older than 4.0.0
MaxA/B, all versions (support discontinued)
mEintopf in versions up to and including 0.2.1
miniOrange Social Login and Register in versions up to and including 200.3.9
My Quota in versions up to and including 1.0.8
Newscrunch in versions older than 1.8.4.1
NewsTicker in versions up to and including 1.0
No Disposable Email, all versions (support discontinued)
Nokri in versions older than 1.6.3
Om Stripe, all versions (support discontinued)
Passbeemedia Web Push Notification in versions up to and including 1.0.0
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery in versions older than 26.0.1
PHP/MySQL CPU performance statistics, all versions (support discontinued)
pixelstats, all versions (support discontinued)
PluginPass, all versions (support discontinued)
Post Meta Data Manager in versions up to and including 1.4.3
Product Input Fields for WooCommerce in versions older than 1.12.1
Realteo in versions older than 1.2.9
Related Post in versions older than 2.0.60
ReportAttacks in versions older than 2.33
Review Schema in versions older than 2.2.5
S3Bubble Media Streaming, all versions (support discontinued)
SEO Plugin by Squirrly SEO in versions up to and including 12.4.07
SEO Tools in versions up to and including 4.0.7
SetSail Membership in versions older than 1.1
Schedule in versions up to and including 1.0.0
School Management System for WordPress in versions up to and including 93.0.0
Simple Amazon Affiliate in versions up to and including 1.0.9
Simply Schedule Appointments in versions older than 1.6.8.7
Site Mailer in versions older than 1.2.4
SMTP by BestWebSoft in versions older than 1.2.0
SoundRise Music in versions older than 1.7.1
SpotBot in versions older than 0.1.8
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity in versions older than 1.12.18
Tabs for WooCommerce, all versions (support discontinued)
teachPress in versions older than 9.0.8
Templines Elementor Helper Core in versions older than 2.8
ThemeEgg ToolKit, all versions (support discontinued)
Travel Booking WordPress Theme in versions up to and including 3.1.9
Traveler in versions older than 3.1.9
Ultimate Member in versions older than 2.10.1
Ultimate Video Player in versions up to and including 10.0
User Registration in versions older than 4.1.0
VEDA in versions up to and including 4.2
VikRentCar in versions older than 1.4.3
WATI Chat and Notification in versions up to and including 1.1.2
WHMCS Client Area for WordPress by WHMpress in versions up to and including 4.3-revision-3
WHMpress in versions older than 6.3-revision-1
Wishlist for WooCommerce in versions up to and including 3.1.7
WooCommerce Recover Abandoned Cart in versions up to and including 24.3.0
WooCommerce Ultimate Gift Card in versions up to and including 2.6.0
WooMail in versions up to and including 3.0.34
WordPress Awesome Import & Export Plugin in versions up to and including 4.1.1
WordPress form builder plugin for contact forms, surveys and quizzes in versions older than 8.0.10
Workreap in versions older than 3.2.6
WoWPth in versions up to and including 2.0
WP Activity Log in versions older than 5.3.3
WP Click Info, all versions (support discontinued)
WP e-Customers Beta in versions up to and including 0.0.1
WP Ghost in versions older than 5.4.02
WP JobHunt in versions up to and including 7.1
WP Login Control in versions up to and including 2.0.0
WP Real Estate Manager in versions up to and including 2.8
WP Test Email in versions older than 1.1.9
WP-PManager in versions older than 1.2
WP-Recall in versions older than 16.26.12
WPCOM Member in versions older than 1.7.7
WPCS in versions older than 1.2.0.5
WPSchoolPress in versions up to and including 2.2.16
XV Random Quotes in versions up to and including 1.40
ZoomSounds in versions up to and including 6.91
Zoorum Comments in versions up to and including 0.9
Consequences
Execution of malicious code
Privilege escalation
Unauthorized access to sensitive data
Unauthorized modification of the system
Denial of service
Unauthorized access to the system
Recommendations
We recommend verifying whether your websites and applications based on the WordPress content management system use any of the plugins in question in a vulnerable version. If they do, SK-CERT recommends that administrators:
– for plugins whose support has been discontinued, uninstall the plugins,
– for plugins for which no security updates are currently available, deactivate or uninstall the plugins until patches are released,
– for plugins for which security patches are available, update the plugins,
– in all cases, check the logs for attempts to exploit the vulnerabilities,
– in all cases, verify the integrity of the database and of the content management system itself.
After remediating vulnerabilities that could have allowed remote code execution, it is good practice to inspect the system and change all passwords and keys on the affected system, and also on any other systems where the same password or key was used.
We also recommend instructing users not to open unverified e-mail messages or attachments from unknown sources, and not to visit untrusted websites.
Sources
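The first recommendation above is to determine whether an installation uses any listed plugin in a vulnerable version. The "Affected systems" list uses three rule shapes (versions older than X, versions up to and including X, and all versions of a discontinued plugin), and a naive string comparison gets "7.90" versus "7.9" or "1.3.6" versus "1.3.6.6" wrong. The script below is an added example, not SK-CERT tooling: it encodes a subset of the rules transcribed from the list above, compares versions numerically, and triages a plugin inventory into the actions the advisory recommends. The inventory is a constructed sample in the shape of `wp plugin list --format=json` output; keying the rules by the plugin display names used in this advisory is an assumption, since WP-CLI reports plugin slugs, so in practice a slug-to-name mapping is needed. Version suffixes such as "-revision-3" are not modelled.

```python
"""Triage an installed WordPress plugin inventory against the advisory's
affected-version rules.  Added example; not SK-CERT's own tooling."""
import json
import re

# Subset of the advisory's "Affected systems" list, transcribed by hand.
#   ("lt", X)     -> versions older than X are affected (X itself is fixed)
#   ("le", X)     -> versions up to and including X are affected
#   ("all", None) -> every version is affected (support discontinued)
AFFECTED = {
    "Traveler": ("lt", "3.1.9"),
    "WP JobHunt": ("le", "7.1"),
    "Arielbrailovsky-Viralad": ("le", "1.0.8"),
    "HUSKY": ("lt", "1.3.6.6"),
    "Allow PHP Execute": ("all", None),
    "All in One WP Migration": ("lt", "7.90"),
    "Ultimate Member": ("lt", "2.10.1"),
}


def parse_version(text):
    """Turn the leading dotted-numeric part of a version string into an int tuple.
    '1.3.6.6' -> (1, 3, 6, 6); '4.3-revision-3' -> (4, 3) (suffix ignored)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def compare(a, b):
    """Return -1, 0 or 1 for version tuples a and b, padding the shorter one
    with zeros so that (1, 2) and (1, 2, 0) compare equal."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_affected(name, installed):
    """True if the installed version of `name` falls inside the advisory's range."""
    rule = AFFECTED.get(name)
    if rule is None:
        return False
    kind, bound = rule
    if kind == "all":
        return True
    c = compare(parse_version(installed), parse_version(bound))
    return c < 0 if kind == "lt" else c <= 0


def triage(inventory_json):
    """Map each affected plugin in a `wp plugin list --format=json`-style inventory
    (objects with 'name' and 'version') to the advisory's recommended action."""
    findings = {}
    for item in json.loads(inventory_json):
        name, version = item["name"], item["version"]
        if not is_affected(name, version):
            continue
        if AFFECTED[name][0] == "all":
            findings[name] = "uninstall (support discontinued)"
        else:
            findings[name] = ("update if a patch is available, "
                              "otherwise deactivate until one is released")
    return findings


# Constructed sample inventory (plugin display names used as keys; see lead-in).
SAMPLE_INVENTORY = json.dumps([
    {"name": "Traveler", "status": "active", "version": "3.1.8"},
    {"name": "WP JobHunt", "status": "active", "version": "7.1"},
    {"name": "HUSKY", "status": "active", "version": "1.3.6.6"},
    {"name": "Allow PHP Execute", "status": "inactive", "version": "1.0"},
    {"name": "Ultimate Member", "status": "active", "version": "2.10.1"},
])

if __name__ == "__main__":
    # Expected: Traveler and WP JobHunt need updating, Allow PHP Execute must go;
    # HUSKY 1.3.6.6 and Ultimate Member 2.10.1 are already at fixed versions.
    for plugin, action in triage(SAMPLE_INVENTORY).items():
        print(f"{plugin}: {action}")
```

An inactive plugin still ships its code to the web root, which is why the sample flags the discontinued plugin even though its status is "inactive"; the advisory's advice for that case is to uninstall, not merely deactivate.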
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/traveler/traveler-318-unauthenticated-local-file-inclusion-via-hotel-alone-load-more-post
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-jobhunt/wp-jobhunt-71-authentication-bypass
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/javo-core/javo-core-202284-unauthenticated-privilege-escalation-in-ajax-signup
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/ciyashop/ciyashop-multipurpose-woocommerce-theme-4190-unauthenticated-php-object-injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/civi/civi-job-board-freelance-marketplace-wordpress-theme-214-authentication-bypass-via-password-update
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-jobhunt/wp-jobhunt-71-unauthenticated-privilege-escalation-via-email-updateaccount-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-jobhunt/wp-jobhunt-71-unauthenticated-privilege-escalation-via-password-resetaccount-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-realestate-manager/wp-real-estate-manager-28-authentication-bypass-via-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/homey/homey-242-unauthenticated-privilege-escalation-in-homey-save-profile
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3194-unauthenticated-php-object-injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/newscrunch/newscrunch-184-authenticated-subscriber-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-ultimate-gift-card/woocommerce-ultimate-gift-card-260-unauthenticated-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/whmpress/whmpress-63-revision-0-unauthenticated-local-file-inclusion-to-arbitrary-options-update
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/workreap/workreap-325-unauthenticated-privilege-escalation-via-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/realteo-2/realteo-real-estate-plugin-by-purethemes-128-authentication-bypass-via-do-register-user
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/homey-login-register/homey-login-register-240-unauthenticated-privilege-escalation-in-homey-register
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpcom-member/wpcom-member-175-authentication-bypass-via-user-phone
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/golo/golo-directory-listing-travel-wordpress-theme-1610-missing-authorization-to-unauthenticated-arbitrary-user-password-change
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/iwjob/inwave-jobs-351-unauthenticated-privilege-escalation-via-password-reset
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/setsail-membership/setsail-membership-103-authentication-bypass-via-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/alloggio-membership/alloggio-membership-11-authentication-bypass-via-social-login-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/academist-membership/academist-membership-116-authentication-bypass-via-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/nokri-2/nokri-job-board-wordpress-theme-162-unauthenticated-arbitrary-password-change
https://patchstack.com/database/wordpress/plugin/wp-recall/vulnerability/wordpress-wp-recall-plugin-16-26-10-unauthenticated-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/rac/vulnerability/wordpress-woocommerce-recover-abandoned-cart-plugin-24-3-0-unauthenticated-php-object-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/ultimate-member/vulnerability/wordpress-ultimate-member-plugin-2-10-0-unauthenticated-sql-injection-via-search-parameter-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-jobhunt/vulnerability/wordpress-wp-jobhunt-plugin-7-1-unauthenticated-privilege-escalation-via-password-reset-account-takeover-vulnerability
https://patchstack.com/database/wordpress/plugin/themeegg-toolkit/vulnerability/wordpress-themeegg-toolkit-plugin-1-2-9-arbitrary-file-upload-vulnerability
https://patchstack.com/database/wordpress/plugin/woo-altcoin-payment-gateway/vulnerability/wordpress-bitcoin-altcoin-payment-gateway-for-woocommerce-multivendor-store-shop-plugin-1-7-6-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/mywebtonet-performancestats/vulnerability/wordpress-php-mysql-cpu-performance-statistics-plugin-1-2-1-php-object-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/wpcom-member/vulnerability/wordpress-wpcom-member-plugin-1-7-6-unauthenticated-time-based-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/arielbrailovsky-viralad/vulnerability/wordpress-arielbrailovsky-viralad-plugin-1-0-8-unauthenticated-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-plugin-2-0-0-unauthenticated-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/dhvc-form/vulnerability/wordpress-dhvc-form-plugin-2-4-7-unauthenticated-privilege-escalation-vulnerability
https://patchstack.com/database/wordpress/plugin/om-stripe/vulnerability/wordpress-om-stripe-plugin-02-00-00-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/news-list/vulnerability/wordpress-news-list-plugin-1-0-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/templines-helper-core/vulnerability/wordpress-templines-elementor-helper-core-plugin-2-7-authenticated-subscriber-privilege-escalation-vulnerability
https://patchstack.com/database/wordpress/plugin/kivicare-clinic-management-system/vulnerability/wordpress-kivicare-plugin-3-6-7-authenticated-doctor-sql-injection-via-u-id-parameter-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/bricks/bricksbuilder-1961-authenticated-contributor-privilege-escalation-via-create-autosave
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/login-me-now/login-me-now-172-authentication-bypass
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/cardealer/car-dealer-automotive-wordpress-theme-responsive-163-authenticated-subscriber-arbitrary-file-deletion-and-read
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/site-mailer/site-mailer-123-unauthenticated-stored-cross-site-scripting
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wc-tabs/tabs-for-woocommerce-100-authentiated-shop-manager-php-object-injection-in-product-has-custom-tabs
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/traveler/traveler-318-authenticated-contributor-local-file-inclusion-via-shortcode
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/cardealer/cardealer-164-cross-site-request-forgery-to-user-update-via-update-user-profile
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/cardealer/cardealer-164-arbitrary-theme-option-update-to-authenticated-subscriber-privilege-escalation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/photos-files-youtube-twitter-instagram-tiktok-ecommerce-contest-gallery-upload-vote-sell-via-paypal-social-share-buttons-26001-unauthenticated-stored-cross-site-scripting
https://patchstack.com/database/wordpress/plugin/directorist/vulnerability/wordpress-directorist-plugin-8-1-privilege-escalation-and-account-takeover-via-weak-otp-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fluent-support/fluent-support-helpdesk-customer-support-ticket-system-185-unauthenticated-sensitive-information-exposure-through-unprotected-directory
https://patchstack.com/database/wordpress/plugin/whmpress_client_area_api/vulnerability/wordpress-whmpress-whmcs-client-area-plugin-4-3-revision-3-authenticated-subscriber-arbitrary-options-update-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/designthemes-core-features/designthemes-core-features-47-missing-authorization-to-unauthenticated-arbitrary-file-read-via-dt-process-imported-file
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-awesome-import-export/wordpress-awesome-import-export-plugin-import-export-wordpress-data-411-missing-authorization-to-authenticated-subscriber-arbitrary-sql-executionprivilege-escalation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bp-better-messages/better-messages-live-chat-for-wordpress-buddypress-peepso-ultimate-member-buddyboss-269-unauthenticated-sensitive-information-exposure-through-unprotected-directory
https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-4-0-4-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/new-album-gallery/vulnerability/wordpress-album-gallery-wordpress-gallery-plugin-1-6-3-authenticated-editor-php-object-injection-via-gallery-meta-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/database-backup/database-backup-and-check-tables-automated-with-scheduler-2024-235-authenticated-administrator-sensitive-information-exposure
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-to-create-style-and-embed-multiple-forms-of-any-complexity-11217-missing-authorization-to-authenticated-subscriber-arbitrary-file-deletion-via-surveyjs-deletefile
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cs-framework/cs-framework-70-authenticated-subscriber-arbitrary-file-deletion
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cs-framework/cs-framework-71-authenticated-subscriber-arbitrary-file-read
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/school-management/school-management-system-for-wordpress-9300-authenticated-student-account-takeover-and-privilege-escalation
https://patchstack.com/database/wordpress/plugin/database-backup/vulnerability/wordpress-database-backup-plugin-2-36-authenticated-administrator-arbitrary-file-deletion-vulnerability
https://patchstack.com/database/wordpress/plugin/exertio-framework/vulnerability/wordpress-exertio-framework-plugin-1-3-1-unauthenticated-arbitrary-user-password-update-vulnerability
https://patchstack.com/database/wordpress/plugin/simple-amazon-affiliate/vulnerability/wordpress-simple-amazon-affiliate-plugin-1-0-9-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/theme/civi/vulnerability/wordpress-civi-theme-2-1-4-sensitive-information-exposure-vulnerability
https://patchstack.com/database/wordpress/theme/jobcareer/vulnerability/wordpress-jobcareer-theme-plugin-7-1-missing-authorization-to-authenticated-subscriber-multiple-administrative-actions-vulnerability
https://patchstack.com/database/wordpress/theme/eco-nature/vulnerability/wordpress-eco-nature-environment-ecology-wordpress-theme-2-0-4-missing-authorization-to-authenticated-subscriber-limited-options-update-vulnerability
https://patchstack.com/database/wordpress/plugin/review-schema/vulnerability/wordpress-review-schema-plugin-2-2-4-authenticated-contributor-local-file-inclusion-via-post-meta-vulnerability
https://patchstack.com/database/wordpress/plugin/simply-schedule-appointments/vulnerability/wordpress-simply-schedule-appointments-plugin-1-6-8-5-unauthenticated-arbitrary-shortcode-execution-vulnerability
https://patchstack.com/database/wordpress/plugin/apppresser/vulnerability/wordpress-apppresser-mobile-app-framework-plugin-4-4-10-unauthenticated-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/reportattacks/vulnerability/wordpress-reportattacks-plugin-2-32-authenticated-admin-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/all-in-one-wp-migration/all-in-one-wp-migration-789-unauthenticated-php-object-injection
https://patchstack.com/database/wordpress/plugin/schedule/vulnerability/wordpress-schedule-plugin-1-0-0-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/theme/industrial/vulnerability/wordpress-industrial-theme-1-7-8-missing-authorization-to-authenticated-subscriber-arbitrary-options-update-vulnerability
https://patchstack.com/database/wordpress/plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-83-cross-site-request-forgery-to-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/soundrise-music/vulnerability/wordpress-soundrise-music-plugin-1-7-authenticated-subscriber-arbitrary-options-update-vulnerability
https://patchstack.com/database/wordpress/plugin/cm-faq/vulnerability/wordpress-cm-faq-plugin-1-2-5-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/woocommerce-products-filter/vulnerability/wordpress-husky-plugin-1-3-6-4-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/tripetto/vulnerability/wordpress-tripetto-plugin-8-0-9-unauthenticated-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/pixelstats/vulnerability/wordpress-pixelstats-plugin-0-8-2-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/zoorum-comments/vulnerability/wordpress-zoorum-comments-plugin-0-9-cross-site-request-forgery-to-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/wpschoolpress/vulnerability/wordpress-school-management-system-wpschoolpress-plugin-2-2-16-authenticated-parent-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/wpschoolpress/vulnerability/wordpress-wpschoolpress-plugin-2-2-16-missing-authorization-to-privilege-escalation-via-account-takeover-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-test-email/wp-test-email-118-unauthenticated-stored-cross-site-scripting
https://patchstack.com/database/wordpress/plugin/ad-inserter/vulnerability/wordpress-ad-inserter-plugin-2-8-0-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/pluginpass-pro-plugintheme-licensing/vulnerability/wordpress-pluginpass-plugin-0-9-10-arbitrary-file-download-delete-vulnerability
https://patchstack.com/database/wordpress/plugin/related-post/vulnerability/wordpress-related-post-plugin-2-0-59-cross-site-request-forgery-to-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/email-keep/vulnerability/wordpress-email-keep-plugin-1-1-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/squirrly-seo/vulnerability/wordpress-squirrly-seo-plugin-12-4-05-broken-access-control-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/newscrunch/newscrunch-184-cross-site-request-forgery-to-arbitrary-file-upload
https://patchstack.com/database/wordpress/plugin/s3bubble-amazon-web-services-oembed-media-streaming-support/vulnerability/wordpress-s3bubble-media-streaming-plugin-8-0-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/seo-automatic-seo-tools/vulnerability/wordpress-seo-tools-plugin-4-0-7-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-login-control/vulnerability/wordpress-wp-login-control-plugin-2-0-0-reflected-xss-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/animation-addons-for-elementor-pro/animation-addons-for-elementor-pro-16-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installationactivation
https://patchstack.com/database/wordpress/plugin/maxab/vulnerability/wordpress-maxa-b-plugin-2-2-2-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/insert-code/vulnerability/wordpress-insert-code-plugin-2-4-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-hashtags/vulnerability/wordpress-wordpress-hashtags-plugin-0-3-2-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wati-chat-and-notification/vulnerability/wordpress-wati-chat-and-notification-plugin-1-1-2-csrf-to-stored-cross-site-scripting-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/no-disposable-email/vulnerability/wordpress-no-disposable-email-plugin-2-5-1-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/passbeemedia-web-push-notifications/vulnerability/wordpress-passbeemedia-web-push-notification-plugin-1-0-0-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/spotbot/vulnerability/wordpress-spotbot-plugin-0-1-8-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-programmmanager/vulnerability/wordpress-wp-pmanager-plugin-1-2-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/download-html-tinymce-button/vulnerability/wordpress-download-html-tinymce-button-plugin-1-2-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/teachpress/vulnerability/wordpress-teachpress-plugin-9-0-7-authenticated-contributor-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/linkmyposts/vulnerability/wordpress-link-my-posts-plugin-1-0-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/meintopf/vulnerability/wordpress-meintopf-plugin-0-2-1-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/my-quota/vulnerability/wordpress-my-quota-plugin-1-0-8-reflected-cross-site-scripting-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/arielbrailovsky-viralad/arielbrailovsky-viralad-108-unauthenticated-sql-injection-1
https://patchstack.com/database/wordpress/plugin/foogallery/vulnerability/wordpress-foogallery-plugin-2-4-29-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-security-audit-log/vulnerability/wordpress-wp-activity-log-plugin-5-3-2-authenticated-admin-php-object-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/dzs-zoomsounds/zoomsounds-wordpress-wave-audio-player-with-playlist-691-unauthenticated-php-object-injection
https://patchstack.com/database/wordpress/plugin/wp-e-customers/vulnerability/wordpress-wp-e-customers-beta-plugin-0-0-1-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/wowpth/vulnerability/wordpress-wowpth-plugin-2-0-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/limit-bio/vulnerability/wordpress-limit-bio-plugin-1-0-cross-site-request-forgery-to-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-click-info/vulnerability/wordpress-wp-click-info-plugin-2-7-4-reflected-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/theme/design-comuni-wordpress-theme/vulnerability/wordpress-design-comuni-italia-theme-1-1-1-unauthenticated-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-jobhunt/vulnerability/wordpress-wp-jobhunt-plugin-7-1-authentication-bypass-to-candidate-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hide-my-wp/wp-ghost-5401-unauthenticated-limited-file-read
https://patchstack.com/database/wordpress/theme/veda/vulnerability/wordpress-veda-theme-4-2-authenticated-subscriber-php-object-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/email-customizer-for-woocommerce-with-drag-drop-builder/vulnerability/wordpress-woomail-plugin-3-0-34-authenticated-subscriber-missing-authorization-to-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/hslide/vulnerability/wordpress-hero-slider-plugin-1-3-5-authenticated-subscriber-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/loginpress/loginpress-331-cross-site-request-forgery-to-arbitrary-options-update
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/homey/homey-243-limited-authentication-bypass-due-to-missing-empty-value-check
https://patchstack.com/database/wordpress/plugin/squirrly-seo/vulnerability/wordpress-seo-plugin-by-squirrly-seo-plugin-12-4-05-authenticated-subscriber-sql-injection-via-search-parameter-vulnerability
https://patchstack.com/database/wordpress/plugin/fwduvp/vulnerability/wordpress-ultimate-video-player-plugin-10-0-unauthenticated-arbitrary-file-download-vulnerability
https://patchstack.com/database/wordpress/plugin/eventer/vulnerability/wordpress-eventer-plugin-3-9-9-2-authenticated-subscriber-sql-injection-via-reg-id-vulnerability
https://patchstack.com/database/wordpress/plugin/gallery-plugin/vulnerability/wordpress-gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-plugin-4-7-3-authenticated-administrator-php-object-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bws-smtp/smtp-by-bestwebsoft-119-authenticated-administrator-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/allow-php-execute/allow-php-execute-10-authenticated-editor-php-code-injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/post-meta-data-manager/post-meta-data-manager-143-authentciated-admin-multisite-privilege-escalation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/miniorange-login-openid-2/miniorange-social-login-and-register-discord-google-twitter-linkedin-pro-addon-20039-authentication-bypass
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/aiomatic-automatic-ai-content-writer/aiomatic-ai-content-writer-editor-chatbot-ai-toolkit-238-missing-authorization-to-authenticated-contributor-arbitrary-file-upload
https://patchstack.com/database/wordpress/plugin/wish-list-for-woocommerce/vulnerability/wordpress-wishlist-for-woocommerce-multi-wishlists-per-customer-plugin-3-1-7-cross-site-request-forgery-to-cross-site-scriping-via-wishlist-name-vulnerability
https://patchstack.com/database/wordpress/plugin/vikrentcar/vulnerability/wordpress-vikrentcar-plugin-1-4-2-cross-site-request-forgery-to-authenticated-subscriber-arbitrary-file-upload-vulnerability
https://patchstack.com/database/wordpress/plugin/product-input-fields-for-woocommerce/vulnerability/wordpress-product-input-fields-for-woocommerce-plugin-1-12-1-unauthenticated-limited-file-upload-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-1204-unauthenticated-arbitrary-shortcode-execution
https://patchstack.com/database/wordpress/plugin/appsero-helper/vulnerability/wordpress-appsero-helper-plugin-1-3-2-cross-site-request-forgery-to-stored-cross-site-scripting-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ulisting/directory-listings-wordpress-plugin-ulisting-217-authenticated-subscriber-privilege-escalation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ulisting/directory-listings-wordpress-plugin-ulisting-217-missing-authorization-to-authenticated-subscriber-arbitrary-post-meta-update-and-php-object-injection
https://patchstack.com/database/wordpress/plugin/gtbabel/vulnerability/wordpress-gtbabel-plugin-6-6-9-unauthenticated-admin-account-takeover-vulnerability
https://patchstack.com/database/wordpress/plugin/contact-us-by-lord-linus/vulnerability/wordpress-contact-us-by-lord-linus-plugin-2-6-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/xv-random-quotes/vulnerability/wordpress-xv-random-quotes-plugin-1-40-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/go-to-top/vulnerability/wordpress-go-to-top-plugin-0-0-8-csrf-to-stored-xss-vulnerability