{"id":4150,"date":"2019-10-30T17:52:58","date_gmt":"2019-10-30T16:52:58","guid":{"rendered":"https:\/\/www.maintenance-wordpress.online\/?p=4150"},"modified":"2019-11-03T15:44:44","modified_gmt":"2019-11-03T14:44:44","slug":"vulnerabilite-wordpress-plugins-themes-octobre-2019-semaine-44","status":"publish","type":"post","link":"https:\/\/maintenance-cms-wp.fr\/articles\/vulnerabilite-wordpress-plugins-themes-octobre-2019-semaine-44\/","title":{"rendered":"WordPress Plugin &#038; Theme Vulnerabilities, October 2019, Week 44"},"content":{"rendered":"<h2>Latest WordPress and plugin security flaws<\/h2>\n<p>You need to check promptly for updates to these plugins\/themes. <span style=\"color: #ff0000;\"><strong>If no update is available, you must remove them from your WordPress installation!<\/strong><\/span><\/p>\n<h2>14 WordPress Plugins<\/h2>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/all-in-one-seo-pack\/#description\" target=\"_blank\" rel=\"noopener noreferrer\">All In One SEO Pack<\/a> version 3.2.6 vulnerable to <span style=\"color: #ff0000;\">Stored Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 3.2.7.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/broken-link-checker\/\" target=\"_blank\" rel=\"noopener noreferrer\">Broken Link Checker<\/a> version 1.11.8 vulnerable to <span style=\"color: #ff0000;\">Authenticated Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p><span style=\"color: #ff0000;\"><em><strong>Remove the plugin. 
Manage WP does not actively maintain the plugin and will not release a fix.<\/strong><\/em><\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/events-manager\/\" target=\"_blank\" rel=\"noopener noreferrer\">Events Manager<\/a> version 5.9.5 vulnerable to <span style=\"color: #ff0000;\">Stored Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you should update to version 5.9.6.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/eu-cookie-law\/\" target=\"_blank\" rel=\"noopener noreferrer\">EU Cookie Law<\/a> version 3.0.6 vulnerable to <span style=\"color: #ff0000;\">Cross-Site Scripting attack.<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you should update to version 3.1.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/fast-velocity-minify\/#description\" target=\"_blank\" rel=\"noopener noreferrer\">Fast Velocity Minify<\/a> version 2.7.6 and earlier have a vulnerability that would allow an authenticated attacker to discover the full root path of the WordPress installation.<\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you should update to version 2.7.7.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/syntaxhighlighter\/\">SyntaxHighlighter Evolved<\/a> version 3.5.0 vulnerable to <span style=\"color: #ff0000;\">Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you should update to version 3.5.1.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wp-html-mail\/\" target=\"_blank\" rel=\"noopener noreferrer\">WP HTML Mail<\/a> version 2.9.0.3 
vulnerable to <span style=\"color: #ff0000;\">HTML Injection<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 2.9.1.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/sliced-invoices\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sliced Invoices<\/a> version 3.8.2 has multiple vulnerabilities. They include authenticated SQL injection, authenticated reflected cross-site scripting, unauthenticated information disclosure allowing access to invoices, and missing cross-site request forgery and authentication checks.<\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 3.8.4.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/zoho-crm-forms\/\" target=\"_blank\" rel=\"noopener noreferrer\">Zoho CRM Lead Magnet Plugin<\/a> version 1.6.9 vulnerable to <span style=\"color: #ff0000;\">Authenticated Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 1.6.9.1.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/about-author\/\" target=\"_blank\" rel=\"noopener noreferrer\">About Author<\/a> version 1.3.9 vulnerable to <span style=\"color: #ff0000;\">Authenticated Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 1.4.0.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/email-templates\/\" target=\"_blank\" rel=\"noopener noreferrer\">Email Templates<\/a> version 1.3 vulnerable to <span style=\"color: #ff0000;\">HTML Injection<\/span><\/li>\n<\/ul>\n<p>The 
vulnerability has been fixed and you must update to version 1.3.1.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/groundhogg\/\" target=\"_blank\" rel=\"noopener noreferrer\">Groundhogg<\/a> version 1.3.11.3 vulnerable to <span style=\"color: #ff0000;\">Authenticated Cross-Site Scripting and SQL Injection<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 2.0.9.11.<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wp-email-template\/\" target=\"_blank\" rel=\"noopener noreferrer\">WP Email Template<\/a>, version 2.2.10 vulnerable to <span style=\"color: #ff0000;\">HTML Injection<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 2.2.11.<\/p>\n<ul>\n<li><a href=\"https:\/\/fr.wordpress.org\/plugins\/give\/\" target=\"_blank\" rel=\"noopener noreferrer\">Give WP<\/a> &lt; 2.5.10 &#8211; Multiple Issues<\/li>\n<\/ul>\n<h2><strong>1 WordPress <\/strong>Theme<\/h2>\n<ul>\n<li><a href=\"https:\/\/themeforest.net\/item\/injob-job-board-wordpress-theme\/20322987\" target=\"_blank\" rel=\"noopener noreferrer\">InJob<\/a> version 3.3.7 vulnerable to <span style=\"color: #ff0000;\">Cross-Site Scripting<\/span><\/li>\n<\/ul>\n<p>The vulnerability has been fixed and you must update to version 3.3.8.<\/p>\n<h4 style=\"text-align: center;\">Maintaining your WordPress site ensures regular updates to prevent bugs and hacking problems.<\/h4>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.maintenance-cms-wp.fr\/services\/maintenance-et-support-wordpress\/\">Our WordPress maintenance solutions from 19\u20ac excl. tax\/ 
month<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Latest WordPress and plugin security flaws You need to check promptly for updates to these plugins\/themes. If no update is available, you must&#8230;<\/p>\n","protected":false},"author":2,"featured_media":2689,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[31,49,32,30],"tags":[43,36,35],"class_list":["post-4150","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-plugins","category-themes","category-vulnerabilite","category-wordpress","tag-securite","tag-vulnerabilite","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/4150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/comments?post=4150"}],"version-history":[{"count":0,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/4150\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/media\/2689"}],"wp:attachment":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/media?parent=4150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/categories?post=4150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/tags?post=4150"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}