The list has just been published by iThemes, which released the updated report, considered the fifth part of the series. The vulnerabilities affect 68 WordPress plugins, but some vendors have already released recent updates. So, if you run any plugin from the list, check the versions in which the fixes were released. Not everything is rosy, though: some plugins have not released any fix so far.
List of the 68 WordPress plugins with vulnerabilities!
- 1. Comments – wpDiscuz
- 2. Page Generator
- 3. WordPress to Hootsuite
- 4. WordPress to Buffer
- 5. Gutenberg PDF Viewer Block
- 6. YITH WooCommerce Product Add-Ons
- 7. To Top
- 7. Header Enhancement
- 8. Generate Child Theme
- 9. Essential Content Types
- 9. Catch Web Tools
- 10. Essential Widgets
- 11. Catch Under Construction
- 12. Catch Themes Demo Import
- 13. Catch Sticky Menu
- 14. Catch Scroll Progress Bar
- 15. Social Gallery and Widget
- 16. Catch Infinite Scroll
- 17. Catch Import Export
- 18. Catch Gallery
- 19. Catch Duplicate Switcher
- 20. Catch Breadcrumb
- 21. Catch IDs
- 22. Tutor LMS
- 23. WP Import Export Lite
- 24. One User Avatar
- 25. Scroll Baner
- 26. WP Ticket
- 27. GamePress
- 28. Wechat Reward
- 29. Sociable
- 30. BetterDocs
- 31. Multiple WooCommerce Add-Ons – multiple plugins
- 32. WP Cookie Choice
- 33. Easy Twitter Feed
- 34. Html5 Audio Player
- 35. Polo Video Gallery
- 36. StreamCast
- 37. PDF Light Viewer
- 38. MainWP Child Reports
- 39. LearnPress
- 40. OptinMonster
- 41. Frontend Uploader
- 42. Allow REL= and HTML in Author Bios
- 43. WP HTML Author Bio
- 44. jQuery Reply to Comment
- 45. Video Gallery – Vimeo and YouTube Gallery
- 46. Request a Quote
- 47. St Daily Tip
- 48. Advance Search
- 49. WP Mega Menu
- 50. Cherry Plugin
- 51. WP Job Manager
- 52. WP Mobile Detector
- 53. Telefication
- 54. Game Server Status
- 55. Responsive WordPress Slider
- 56. Fetch Tweets
- 57. WooCommerce
- 58. WooCommerce Admin
- 59. YT Player
- 60. Cookie Bar
- 61. WP User Manager
- 62. Easy Media Download
- 63. Ninja Forms
- 64. 3DPrint Lite
- 65. iQ Block Country
- 66. WordPress Popular Posts
- 67. Custom Dashboard & Login Page
- 68. Bug Library
WordPress plugins that are vulnerable and have NOT been fixed!
Note that this list may be updated by us at any time. However, so far there has been no change or information from the developers of the plugins below about resolving the highlighted issues.
| Plugin | Vulnerability | Patched in Version | Severity Score |
|---|---|---|---|
| YITH WooCommerce Product Add-Ons | Authenticated Local File Inclusion | 2.1.0 | Medium |
| YITH WooCommerce Product Add-Ons | Reflected Cross-Site Scripting | 2.1.0 | High |
| Scroll Baner | CSRF to RCE | no known fix | Critical |
| GamePress | Reflected Cross-Site Scripting | no known fix | High |
| Wechat Reward | CSRF to Stored Cross-Site Scripting | no known fix | High |
| Sociable | Admin+ Stored Cross-Site Scripting | no known fix | Low |
| WP Cookie Choice | CSRF to Stored Cross-Site Scripting | no known fix | High |
| Polo Video Gallery | Contributor+ Stored Cross-Site Scripting | no known fix – plugin closed | Medium |
| Frontend Uploader | Unauthenticated Stored Cross-Site Scripting | no known fix – plugin closed | Medium |
| Allow REL= and HTML in Author Bios | Author+ Stored Cross-Site Scripting | no known fix – plugin closed | Medium |
| WP HTML Author Bio | Author+ Stored Cross-Site Scripting | no known fix – plugin closed | Medium |
| jQuery Reply to Comment | CSRF to Stored Cross-Site Scripting | no known fix – plugin closed | High |
| Video Gallery – Vimeo and YouTube Gallery | Admin+ Stored Cross-Site Scripting | no known fix – plugin closed | Low |
| St Daily Tip | CSRF to Stored Cross-Site Scripting | no known fix – plugin closed | High |
| WP Mobile Detector | Unauthenticated Arbitrary File Upload | 3.6 | Critical |
| Telefication | Open Relay & Server-Side Request Forgery | no known fix – plugin closed | Medium |
| Game Server Status | Contributor+ SQL Injection | no known fix – plugin closed | High |
| Game Server Status | Admin+ SQL Injection | no known fix – plugin closed | Medium |
| Game Server Status | Admin+ Stored Cross-Site Scripting | no known fix – plugin closed | Low |
| Responsive WordPress Slider | Subscriber+ Stored Cross-Site Scripting | no known fix – plugin closed | Critical |
| Responsive WordPress Slider | Reflected Cross-Site Scripting | no known fix – plugin closed | Critical |
| Fetch Tweets | Reflected Cross-Site Scripting | no known fix – plugin closed | High |
| Cookie Bar | Admin+ Stored Cross-Site Scripting | no known fix – plugin closed | Low |
| 3DPrint Lite | Unauthenticated Arbitrary File Upload | no known fix – plugin closed | Critical |
Now that you have seen the list of plugins that had the vulnerability and the list of WordPress plugins that still have not fixed it, here is a recommendation. First, check whether there is an alternative to the vulnerable plugin; then try e-mailing the developer to get the problem fixed. Finally, if there are no alternatives, consider that it may be time to purchase a WordPress security plugin.
Source: iThemes