Failles de sécurité Plugins Thèmes WordPress semaine 50

WPServeur vous informe des dernières failles de sécurité plugins et thèmes WordPress connues :

 

Plugins WordPress

• WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
• Delete All Comments 2.0 - Unauthenticated Arbitrary File Upload
• BP Profile Search <= 4.5.3 - PHP Object Injection
• Multisite Post Duplicator <= 0.9.5.1 - Cross-Site Request Forgery (CSRF)
• Social Share Buttons - Social Pug <= 1.2.5 - Authenticated Cross-Site Scripti...
• WooCommerce Email Test 1.5 - Order Information Disclosure
• Ultimate Member <= 1.3.75 - Unauthenticated Change Passwords
• WA Form Builder 1.1 - Unauthenticated SQL Injection
• Olimometer <= 2.56 - Unauthenticated SQL Injection

 

Thèmes WordPress

• PageLines Platform Theme <= 1.1.4 - Cross-Site Request Forgery (CSRF)
• Headway Theme <= 3.8.8 - Authenticated Cross-Site Scripting (XSS)
• Neosense Theme <= 1.7 - Unrestricted File Upload
• Akal Theme - Reflected Cross-Site Scripting (XSS)
• ColorWay <= 3.4.1 - Cross-Site Scripting (XSS)
• Truemag Theme - XSS
• Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
• ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)

 

Failles WordPress

• WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
• WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
• WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
• WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
• WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
• WordPress 4.5.2 - Redirect Bypass
• WordPress 4.5.2 - oEmbed Denial of Service (DoS)