Vulnerabilidades WordPress Diciembre 2020
WordPress Plugin Vulnerabilities
- Site Offline < 1.4.4 – Multiple Cross-Site Request Forgery
- Newsletter Manager <= 1.5.1 – Unauthenticated Insecure Deserialisation
- LiteSpeed Cache < 3.6.1 – Authenticated Stored Cross-Site Scripting
- WP Postratings < 1.86.1 – Authenticated Stored Cross-Site Scripting
- Envira Gallery Lite < 1.8.3.3 – Authenticated Stored Cross-Site Scripting
- Simple Social Buttons < 3.2.1 – Unauthenticated Reflected Cross-Site Scripting
- Simple Social Buttons < 3.2.0 – Reflected Cross-Site Scripting
- Contact Form 7 < 5.3.2 – Unrestricted File Upload
- Redux Framework 4.1.22 – 4.1.23 – CSRF Nonce Validation Bypass
- Redux Framework < 4.1.21 – CSRF Nonce Validation Bypass
- Limit Login Attempts Reloaded < 2.17.4 – Login Rate Limiting Bypass
- Limit Login Attempts Reloaded < 2.16.0 – Authenticated Reflected Cross-Site Scripting
- Total Upkeep by BoldGrid < 1.14.10 – Unauthenticated Backup Download
- Total Upkeep by BoldGrid < 1.14.10 – Sensitive Data Disclosure (Server IP Address, UID etc)
- Directories Pro < 1.3.46 – Authenticated Self-Reflected Cross-Site Scripting
- Directories Pro < 1.3.46 – Authenticated Reflected Cross-Site Scripting
- Ultimate Category Excluder < 1.2 – Cross-Site Request Forgery
- Pagelayer < 1.3.5 – Multiple Reflected Cross-Site Scripting (XSS)
- DiveBook <= 1.1.4 – Unauthenticated SQL Injection
- DiveBook <= 1.1.4 – Unauthenticated Reflected XSS
- DiveBook <= 1.1.4 – Improper Authorisation Check
- Easy WP SMTP < 1.4.3 – Debug Log Disclosure
- Themify Portfolio Post < 1.1.6 – Authenticated Stored Cross-Site Scripting
- Profile Builder & Profile Builder Pro < 3.3.3 – Authenticated Blind SQL Injection
WordPress Theme Vulnerabilities
- ListingPro < 2.6.1 – Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc)
- ListingPro < 2.6.1 – Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation
Equipo de Php Ninja
*Tus datos están seguros porque cumplimos con el RGPD (Reglamento General de Protección de Datos) y te dejo esta información que debes saber:
- Responsable: Ayesa Digital SLU
- Finalidad: Responderte al correo que vas a enviar.
- Legitimación: Consentimiento.
- Destinatarios: tus datos de contacto se almacenarán en nuestra base de datos.
- Derechos: Cambios, rectificaciones, borrados, escríbenos a administracion@phpninja.es
Puedes consultar la información adicional y detallada sobre Protección de Datos en política de privacidad.
Muy profesionales. Resuelven rápido e informan en todo momento del estado del trabajo. 100% recomendado.
Conchetta Alonso
CEO at Workcation
4.7/5 Leer opiniones sobre Php Ninja en Google reviews
