Current Vulnerabilities in WordPress Plugins
A vulnerability affecting WordPress plugins is currently spreading (at present, 31 plugins are affected by a file upload flaw). Here is a list of the plugins confirmed so far to be hackable:
* WordPress Asset Manager Plugin 0.2 Arbitrary File Upload
* WordPress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability
* WordPress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability
* WordPress Font Uploader Plugin 1.2.4 Arbitrary File Upload
* WordPress Foxypress Plugin 0.4.1.1 – 0.4.2.1 Arbitrary File Upload
* WordPress Front End Upload 0.5.3 Arbitrary File Upload
* WordPress Front File Manager Plugin 0.1 Arbitrary File Upload
* WordPress Gallery Plugin 3.06 Arbitrary File Upload
* WordPress Google Maps via Store Locator Plugin Multiple Vulnerabilities
* WordPress HTML5 AV Manager Plugin 0.2.7 Arbitrary File Upload
* WordPress MM Forms Community Plugin 2.2.6 Arbitrary File Upload
* WordPress Mac Photo Gallery 2.7 Arbitrary File Upload
* WordPress Omni Secure Files Plugin 0.1.13 Arbitrary File Upload
* WordPress PICA Photo Gallery Plugin 1.0 Remote File Disclosure
* WordPress Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability
* WordPress Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability
* WordPress RBX Gallery Plugin 2.1 Arbitrary File Upload
* WordPress SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability
* WordPress Simple Download Button Shortcode Plugin 1.0 Remote File Disclosure
* WordPress Thinkun Remind Plugin 1.1.3 Remote File Disclosure
* WordPress Tinymce Thumbnail Gallery Plugin 1.0.7 Remote File Disclosure
* WordPress Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability
* WordPress User Meta Version 1.1.1 Arbitrary File Upload Vulnerability
* WordPress WP Marketplace Plugin 1.5.0 – 1.6.1 Arbitrary File Upload
* WordPress WP-Property Plugin 1.35.0 Arbitrary File Upload
* WordPress drag and drop file upload 0.1 Arbitrary File Upload Vulnerability
* WordPress wp-gpx-map version 1.1.21 Arbitrary File Upload Vulnerability
* WordPress wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload
Note: yourmedia customers do not have the listed plugins in use. Nevertheless, it is advisable to carry out various updates, or have them carried out, and to have a backup of the site created.
If you are a yourmedia customer and may have installed one of these plugins yourself, you should get in touch urgently.