<h1>WordPress Plugin Vulnerabilities, March 2021</h1>
<p>Published 2021-04-16 on <a href="https://maintenance-cms-wp.fr/articles/vulnerabilite-wordpress-plugins-mars-2021/">maintenance-cms-wp.fr</a></p>

<h2>Latest WordPress and plugin security flaws</h2>
<p>Several new WordPress plugin and theme vulnerabilities were disclosed during March 2021, so we want to keep you informed. In this article we cover the recent WordPress plugin and theme vulnerabilities.</p>
<p>Check promptly for updates to these plugins and themes. <strong>If no update is available, you must remove them from your WordPress installation!</strong></p>

<h3>WordPress Plugin Vulnerabilities</h3>
<ul>
<li><a href="https://wpscan.com/vulnerability/ad9dd88c-7ae8-41ac-a0d7-469e146f7817">Woocommerce Customers Manager &lt; 26.6 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/10e2cb9d-7285-4d85-923b-bc1ba97bd51a">Woocommerce Customers Manager &lt; 26.6 – Arbitrary Account Creation/Update via CSRF</a></li>
<li><a href="https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835">Ivory Search &lt; 4.6.1 – Reflected Cross Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0">Cooked Pro &lt; 1.7.5.6 – Unauthenticated Reflected Cross Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/f06629b5-8b15-48eb-a7a7-78b693e06b71">Advanced Booking Calendar &lt; 1.6.8 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c">Controlled Admin Access &lt; 1.5.6 – Improper Access Control to Privilege Escalation</a></li>
<li><a href="https://wpscan.com/vulnerability/25ca8af5-ab48-4e6d-b2ef-fc291742f1d5">Advanced Booking Calendar &lt; 1.6.7 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/a8b959e3-891c-4132-8ffc-fb25206ce9f9">Easy Form Builder &lt;= 1.0 – Unauthorised AJAX calls</a></li>
<li><a href="https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16">AccessAlly &lt; 3.5.7 – $_SERVER Superglobal Leakage</a></li>
<li><a href="https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f">Patreon WordPress &lt; 1.7.2 – Reflected XSS on patreon_save_attachment_patreon_level AJAX action</a></li>
<li><a href="https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b">Patreon WordPress &lt; 1.7.2 – Reflected XSS on Login Form</a></li>
<li><a href="https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500">Patreon WordPress &lt; 1.7.0 – CSRF to Disconnect Sites From Patreon</a></li>
<li><a href="https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531">Patreon WordPress &lt; 1.7.0 – CSRF to Overwrite/Create User Meta</a></li>
<li><a href="https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016">Patreon WordPress &lt; 1.7.0 – Unauthenticated Local File Disclosure</a></li>
<li><a href="https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484">Easy Form Builder &lt;= 1.0 – Authenticated Arbitrary File Upload</a></li>
<li><a href="https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db">N5 Upload Form &lt;= 1.0 – Unauthenticated Arbitrary File Upload to RCE</a></li>
<li><a href="https://wpscan.com/vulnerability/4d715de6-8595-4da9-808a-04a28e409900">WP-Curriculo Vitae Free &lt;= 6.3 – Unauthenticated Arbitrary File Upload to RCE</a></li>
<li><a href="https://wpscan.com/vulnerability/ee90f784-f17b-4268-9443-8f29e58d2ee1">Quiz And Survey Master &lt; 7.1.14 – Authenticated SQL injection via Rest API</a></li>
<li><a href="https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab">Quiz And Survey Master &lt; 7.1.12 – Authenticated SQL injection via shortcode</a></li>
<li><a href="https://wpscan.com/vulnerability/70d10e3c-a905-45a3-996e-fc99544aeae5">Vertical News Scroller &lt; 1.17 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a">Facebook for WordPress &lt; 3.0.0 – PHP Object Injection with POP Chain</a></li>
<li><a href="https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4">Facebook for WordPress 3.0.0-3.0.3 – CSRF to Stored XSS and Settings Deletion</a></li>
<li><a href="https://wpscan.com/vulnerability/35acd2d8-85fc-4af5-8f6c-224fa7d92900">All Thrive Themes and Plugins – Unauthenticated Option Update</a></li>
<li><a href="https://wpscan.com/vulnerability/e5bfd53d-0d9a-42f2-8af8-5bb710bac828">MapifyLife &lt;= 3.3.0 – Authenticated Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/1c58a844-edcd-47fe-849a-cbabfbb45476">SecuPress &lt; 2.0 – Unauthenticated Arbitrary IP Ban</a></li>
<li><a href="https://wpscan.com/vulnerability/7bdee32b-9036-4e13-9586-4d6a9a1159c6">Mapplic and Mapplic Lite – SSRF to Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309">GiveWP &lt; 2.10.0 – Reflected Cross Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20">Controlled Admin Access &lt; 1.5.2 – Improper Access Control &amp; Privilege Escalation</a></li>
<li><a href="https://wpscan.com/vulnerability/cf9305e8-f5bc-45c3-82db-0ef00fd46129">WooCommerce Help Scout &lt; 2.9.1 – Unauthenticated Arbitrary File Upload leading to RCE</a></li>
<li><a href="https://wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-68354e8f0b1c">WordPress Related Posts &lt;= 3.6.4 – Authenticated Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb">PhastPress &lt; 1.111 – Open Redirect</a></li>
<li><a href="https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141">WP Page Builder &lt; 1.2.4 – Multiple Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/21e7a46f-e9a3-4b20-b44a-a5b6ce7b7ce6">WP Page Builder &lt; 1.2.4 – Insecure Default Configuration Allows Subscribers Editing Access to Posts</a></li>
<li><a href="https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309">Elementor &lt; 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget</a></li>
<li><a href="https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9">Elementor &lt; 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget</a></li>
<li><a href="https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf">Elementor &lt; 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget</a></li>
<li><a href="https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e">Elementor &lt; 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget</a></li>
<li><a href="https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb">Elementor &lt; 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget</a></li>
<li><a href="https://wpscan.com/vulnerability/9647f516-b130-4cc8-85fb-2e69b034ced0">Elementor &lt; 3.1.2 – Authenticated Stored Cross-Site Scripting (XSS) in Column Element</a></li>
<li><a href="https://wpscan.com/vulnerability/26be48e8-0fa8-4c5b-846e-af46e27822cb">BuddyPress &lt; 7.2.1 – Invite Member to Join Group</a></li>
<li><a href="https://wpscan.com/vulnerability/36f64ef2-7a50-4446-b3ee-17cda6e29eb4">BuddyPress &lt; 7.2.1 – Manage BuddyPress Member Types</a></li>
<li><a href="https://wpscan.com/vulnerability/f4867999-c8dd-4aa5-bb14-c196a6068242">BuddyPress &lt; 7.2.1 – Read Private Messages</a></li>
<li><a href="https://wpscan.com/vulnerability/3fa28c4e-9169-4a36-9002-0a39e8b225cf">BuddyPress &lt; 7.2.1 – Force a Friendship</a></li>
<li><a href="https://wpscan.com/vulnerability/57f1dbe6-2220-4004-8c09-3ecad45c687f">BuddyPress &lt; 7.2.1 – REST API Privilege Escalation</a></li>
<li><a href="https://wpscan.com/vulnerability/166b2829-047c-439a-b59c-f5ad194cbaae">Paid Membership Pro &lt; 2.5.6 – Authenticated SQL Injection</a></li>
<li><a href="https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9">wpDataTables &lt; 3.4.2 – Blind SQL Injection via length Parameter</a></li>
<li><a href="https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280">wpDataTables &lt; 3.4.2 – Blind SQL Injection via start Parameter</a></li>
<li><a href="https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3">wpDataTables &lt; 3.4.2 – Improper Access Control leading to Table Data Deletion</a></li>
<li><a href="https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b">wpDataTables &lt; 3.4.2 – Improper Access Control leading to Table Permission Takeover</a></li>
<li><a href="https://wpscan.com/vulnerability/b4a83501-c727-4c9b-a9a1-46b399ab0caa">Flo Forms &lt; 1.0.36 – Authenticated Options Change to Stored XSS</a></li>
<li><a href="https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9">SEO Redirection &lt;= 6.3 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3">WP Super Cache &lt; 1.7.2 – Authenticated Remote Code Execution (RCE)</a></li>
<li><a href="https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60">Tutor LMS &lt; 1.8.3 – SQL Injection via tutor_answering_quiz_question/get_answer_by_id</a></li>
<li><a href="https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2">Tutor LMS &lt; 1.7.7 – SQL Injection via tutor_place_rating</a></li>
<li><a href="https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e">Tutor LMS &lt; 1.7.7 – Unprotected AJAX including Privilege Escalation</a></li>
<li><a href="https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496">Tutor LMS &lt; 1.8.3 – SQL Injection via tutor_quiz_builder_get_question_form</a></li>
<li><a href="https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f">Tutor LMS &lt; 1.8.3 – SQL Injection via tutor_quiz_builder_get_answers_by_question</a></li>
<li><a href="https://wpscan.com/vulnerability/d5a00322-7098-4f8d-8e5e-157b63449c17">Tutor LMS &lt; 1.7.7 – SQL Injection via tutor_mark_answer_as_correct</a></li>
<li><a href="https://wpscan.com/vulnerability/7593d5c8-cbc2-4469-b36b-5d4fb6d49718">Related Posts for WordPress &lt; 2.0.4 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/bb20d732-a5e4-4140-ab51-b2aa1a53db12">Social Slider Widget &lt; 1.8.5 – Authenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/b69ea1bc-3c9b-47d7-a164-c860ee46a9af">VM Backups &lt;= 1.0 – CSRF to Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/187e6967-6961-4843-a9d5-866f6ebdb7bc">VM Backups &lt;= 1.0 – CSRF to Database Backup Download</a></li>
<li><a href="https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585">JH 404 Logger &lt;= 1.1 – Unauthenticated Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/40ce7e3b-acf2-4e09-8216-1bb1199d234b">Five Star Restaurant Menu &lt; 2.2.1 – Unauthenticated PHP Object Injection</a></li>
<li><a href="https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5">Database Backups &lt;= 1.2.2.6 – CSRF to Backup Download</a></li>
<li><a href="https://wpscan.com/vulnerability/78851964-ffec-419b-a726-a55f7aba2af5">SuperStoreFinder &amp; SuperInteractiveMaps – Unauthenticated SQL Injections</a></li>
<li><a href="https://wpscan.com/vulnerability/c311feef-7041-4c21-9525-132b9bd32f89">The Plus Addons for Elementor Page Builder &lt; 4.1.7 – Authentication Bypass</a></li>
<li><a href="https://wpscan.com/vulnerability/ed4288a1-f7e4-455f-b765-5ac343f87194">WooCommerce Upload Files &lt; 59.4 – Unauthenticated Arbitrary File Upload</a></li>
<li><a href="https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc">User Profile Picture &lt; 2.5.0 – Sensitive Information Disclosure</a></li>
<li><a href="https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3">Advanced Order Export For WooCommerce &lt; 3.1.8 – Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/69655879-9fd5-49a3-96ce-81e43b8d8438">WP GDPR Compliance &lt; 1.5.6 – Unauthenticated Stored Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/ced7f8be-acd4-4d6f-9745-6a1e57d4e5a9">Multiple Plugins – CSRF Nonce Bypasses</a></li>
</ul>

<h3>WordPress Theme Vulnerabilities</h3>
<ul>
<li><a href="https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139">Goto – Tour &amp; Travel &lt; 2.0 – Unauthenticated Reflected XSS</a></li>
<li><a href="https://wpscan.com/vulnerability/91b4016d-5dc1-4979-9c11-ffc9d1ff8738">Business Directory &lt;= 1.2.0 – Unauthenticated Reflected Cross-Site Scripting (XSS)</a></li>
<li><a href="https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac">All Thrive Themes Legacy Themes &lt; 2.0.0 – Unauthenticated Arbitrary File Upload and Option Deletion</a></li>
<li><a href="https://wpscan.com/vulnerability/35acd2d8-85fc-4af5-8f6c-224fa7d92900">All Thrive Themes and Plugins – Unauthenticated Option Update</a></li>
</ul>

<h3>What to do</h3>
<p><strong>The vulnerabilities have not been fixed. Keep an eye on the changelog for an update that includes a fix.</strong></p>

<h4>Maintaining your WordPress site ensures regular updates, which helps avoid bugs and hacking problems.</h4>
<p><a href="https://www.maintenance-cms-wp.fr/services/maintenance-et-support-wordpress/">Our WordPress maintenance solutions from €34 excl. VAT per month</a></p>
<p>Source: WPScan</p>