{"id":8447,"date":"2021-06-01T09:56:37","date_gmt":"2021-06-01T07:56:37","guid":{"rendered":"https:\/\/www.maintenance-cms-wp.fr\/?p=8447"},"modified":"2021-06-01T12:26:01","modified_gmt":"2021-06-01T10:26:01","slug":"vulnerabilite-wordpress-plugins-mai2021","status":"publish","type":"post","link":"https:\/\/maintenance-cms-wp.fr\/articles\/vulnerabilite-wordpress-plugins-mai2021\/","title":{"rendered":"WordPress Plugin Vulnerabilities, May 2021"},"content":{"rendered":"<h2>Latest plugin and WordPress security flaws<\/h2>\n<p>Several new WordPress plugin and theme vulnerabilities were disclosed during May 2021, so we want to keep you informed. In this article, we cover the recent WordPress plugin and theme vulnerabilities.<\/p>\n<p>Check promptly for updates to these plugins\/themes. <span style=\"color: #ff0000;\"><strong>If no update is available, you must remove them from your WordPress installation!<\/strong><\/span><\/p>\n<p><span style=\"color: #333333;\"><b>WordPress Core Vulnerabilities<\/b><\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/4cd46653-4470-40ff-8aac-318bee2f998d\"><span style=\"color: #333333;\">WordPress 3.7 to 5.7.1 &#8211; Object Injection in PHPMailer<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"color: #333333;\"><br \/>\n<b>WordPress Plugin Vulnerabilities<\/b><\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/950f46ae-4476-4969-863a-0e55752953b3\"><span style=\"color: #333333;\">FooGallery &lt; 2.0.35 &#8211; Authenticated Stored Cross-Site Scripting<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/d9586453-cc5c-4d26-bb45-a6370c9427fe\"><span style=\"color: 
#333333;\">Yes\/No Chart &lt; 1.0.12 &#8211; Authenticated (contributor+) Blind SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/fd4352ad-dae0-4404-94d1-11083cb1f44d\"><span style=\"color: #333333;\">The Plus Addons for Elementor Page Builder &lt; 4.1.10 &#8211; Open Redirect<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/486b82d1-30d4-44d2-9542-f33e3f149e92\"><span style=\"color: #333333;\">The Plus Addons for Elementor Page Builder &lt; 4.1.11 &#8211; Arbitrary Reset Pwd Email Sending<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016\"><span style=\"color: #333333;\">The Plus Addons for Elementor &lt; 4.1.12 &#8211; Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/63180c28-6d05-4f97-9565-b48b6d9a8cc2\"><span style=\"color: #333333;\">NinjaFirewall &lt; 4.3.4 &#8211; Authenticated (admin+) PHAR Deserialization<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/1eba1c73-a19b-4226-afec-d27c48388a04\"><span style=\"color: #333333;\">Xllentech English Islamic Calendar &lt; 2.6.8 &#8211; Authenticated SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/e0ca257e-6e78-4611-a9ad-be43d37cf474\"><span style=\"color: #333333;\">Side Menu &lt; 3.1.5 &#8211; Authenticated (admin+) SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/c25146fd-4143-463c-8c85-05dd33e9a77b\"><span style=\"color: #333333;\">Stock in &amp; out &lt;= 1.0.4 &#8211; Reflected Cross-Site Scripting 
(XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/02ba4d8b-f4d2-42cd-9fae-b543e112fa04\"><span style=\"color: #333333;\">Sendit WP Newsletter &lt;= 2.5.1 &#8211; Authenticated (admin+) SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/06f1889d-8e2f-481a-b91b-3a8008e00ffc\"><span style=\"color: #333333;\">Visitors &lt;= 0.3 &#8211; Unauthenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/be356530-5e00-4f27-8177-b80f3c1ae6e8\"><span style=\"color: #333333;\">Simple 301 Redirects by BetterLinks &#8211; 2.0.0 \u2013 2.0.3 &#8211; Arbitrary Plugin Activation<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/ce8f9648-30fb-4fb9-894e-879dc0f26f98\"><span style=\"color: #333333;\">Simple 301 Redirects by BetterLinks &#8211; 2.0.0 \u2013 2.0.3 &#8211; Update and Retrieve Wildcard Value<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/8638b36c-6641-491f-b9df-5db3645e4668\"><span style=\"color: #333333;\">Simple 301 Redirects by BetterLinks &#8211; 2.0.0 \u2013 2.0.3 &#8211; Arbitrary Plugin Installation<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/74c23d56-e81f-47e9-bf8b-33d3f0e81894\"><span style=\"color: #333333;\">Simple 301 Redirects by BetterLinks &#8211; 2.0.0 \u2013 2.0.3 &#8211; Unauthenticated Redirect Import<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/d770f1fa-7652-465a-833c-b7178146847d\"><span style=\"color: #333333;\">Simple 301 Redirects by BetterLinks &#8211; 2.0.0 \u2013 2.0.3 &#8211; Unauthenticated 
Redirect Export<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/6bb4eb71-d702-4732-b01f-b723077d66ca\"><span style=\"color: #333333;\">Gallery From Files &lt;= 1.6.0 &#8211; Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/426cf3b5-1bb7-4e81-b240-f3c962590721\"><span style=\"color: #333333;\">Gallery From Files &lt;= 1.6.0 &#8211; Unauthenticated RCE<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/3d06075a-c106-48bb-849e-39b71f4c6818\"><span style=\"color: #333333;\">Multivendor Marketplace Solution for WooCommerce &lt; 3.7.4 &#8211; Unauthenticated Arbitrary Product Comment<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/d2b3c245-385e-495e-a19e-730a1ee28906\"><span style=\"color: #333333;\">Cookie Law Bar &lt;= 1.2.1 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a\"><span style=\"color: #333333;\">SP Project &amp; Document Manager &lt;= 4.21 &#8211; Authenticated Shell Upload<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/6d6c1d46-5c3d-4d56-9728-2f94064132aa\"><span style=\"color: #333333;\">Easy Preloader &lt;= 1.0.0 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/d6c72d90-e321-47b9-957a-6fea7c944293\"><span style=\"color: #333333;\">iFlyChat \u2013 WordPress Chat &lt;= 4.6.4 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br 
\/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a\"><span style=\"color: #333333;\">Video Embed &lt;= 1.0 &#8211; Authenticated (subscriber+) SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/dda0593e-cd97-454e-a8c8-15d7f690311c\"><span style=\"color: #333333;\">FlightLog &lt;= 3.0.2 &#8211; Authenticated (editor+) SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/d2970cfb-0aa9-4516-9a4b-32971f41a19c\"><span style=\"color: #333333;\">WP Statistics &lt; 13.0.8 &#8211; Unauthenticated SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/c7ab736d-27c4-4ec5-9681-a3f0dda86586\"><span style=\"color: #333333;\">WP Prayer &lt; 1.6.2 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/e5376e60-5f39-41be-a644-4e4a510bb848\"><span style=\"color: #333333;\">CM Registration Pro &lt; 3.2.1 &#8211; PHP Object Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/ae79189a-6b63-4110-9567-cd7c97d71e4f\"><span style=\"color: #333333;\">Instant Images WordPress Plugin &lt; 4.4.0.1 &#8211; Authenticated Stored XSS &amp; XFS<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/2c7ca586-def8-4723-b779-09d7f37fa1ab\"><span style=\"color: #333333;\">Smooth Scroll Page Up\/Down Buttons &lt; 1.4 &#8211; Authenticated Stored XSS<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/b9748066-83b7-4762-9124-de021f687477\"><span style=\"color: #333333;\">Funnel 
Builder by CartFlows &lt; 1.6.13 &#8211; Authenticated Stored XSS via FB Pixel ID and Google Analytics ID<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/6bea6301-0762-45c3-a4eb-15d6ac4f9f37\"><span style=\"color: #333333;\">Database Backup for WordPress &lt; 2.4 &#8211; Authenticated Persistent Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/2142c3d3-9a7f-4e3c-8776-d469a355d62f\"><span style=\"color: #333333;\">WP Super Cache &lt; 1.7.3 &#8211; Authenticated Remote Code Execution<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/4fb90999-6f91-4200-a0cc-bfe9b34a5de9\"><span style=\"color: #333333;\">External Media &lt; 1.0.34 &#8211; Authenticated Arbitrary File Upload<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/ba1d01dc-16e4-464f-94be-ed311ff6ccf9\"><span style=\"color: #333333;\">Weekly Schedule &lt; 3.4.3 &#8211; Authenticated Stored XSS<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/f34096ec-b1b0-471d-88a4-4699178a3165\"><span style=\"color: #333333;\">Photo Gallery &lt; 1.5.67 &#8211; Authenticated Stored Cross-Site Scripting via Gallery Title<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/5ce667ae-9e38-4d25-919e-3b956874f869\"><span style=\"color: #333333;\">LifterLMS &lt; 4.21.1 &#8211; Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/f29f68a5-6575-441d-98c9-867145f2b082\"><span style=\"color: #333333;\">LifterLMS &lt; 4.21.1 &#8211; Authenticated Stored XSS in Edit 
Profile<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/ab2c94d2-f6c4-418b-bd14-711ed164bcf1\"><span style=\"color: #333333;\">All in One SEO Pack &lt; 4.1.0.2 &#8211; Admin RCE via unserialize<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/fd6ce00b-8c5f-4180-b648-f47b37303670\"><span style=\"color: #333333;\">ReDi Restaurant Reservations &lt; 21.0426 &#8211; Unauthenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/30aebded-3eb3-4dda-90b5-12de5e622c91\"><span style=\"color: #333333;\">Simple Giveaways &lt; 2.36.2 &#8211; Unauthenticated Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/ad09a648-3c34-4870-b156-097af4fd7a57\"><span style=\"color: #333333;\">ThemeHigh WooCommerce Wishlist and Comparison &lt; 1.0.5 &#8211; Unauthorised AJAX call<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/c13a0932-ec35-414a-af4b-8115281b5590\"><span style=\"color: #333333;\">Zlick Paywall &lt; 2.2.2 &#8211; CSRF Bypasses<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/6678e064-ce21-4bb2-8c50-061073fb22fb\"><span style=\"color: #333333;\">Autoptimize &lt; 2.8.4 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/35516555-c50c-486a-886c-df49c9e51e2c\"><span style=\"color: #333333;\">Ultimate Member &lt; 2.1.20 &#8211; Authenticated Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a 
href=\"https:\/\/wpscan.com\/vulnerability\/3d689de8-3c0c-49f0-a697-39a6dab52022\"><span style=\"color: #333333;\">UltimateWoo &lt;= 0.1.10 &#8211; PHP Object Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/43b8cfb4-f875-432b-8e3b-52653fdee87c\"><span style=\"color: #333333;\">DSGVO All in one for WP &lt; 4.0 &#8211; Unauthenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/8ab02102-e4ee-4262-a785-0e9c6a30251f\"><span style=\"color: #333333;\">Leads-5050 Visitor Insights &lt; 1.0.4 &#8211; Unauthenticated License Change<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/3a7636bd-9535-4c2c-8263-1f00fff1c296\"><span style=\"color: #333333;\">Leads-5050 Visitor Insights &lt; 1.1.0 &#8211; Unauthorised License Change<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837\"><span style=\"color: #333333;\">PickPlugins Product Slider for WooCommerce &lt; 1.13.22 &#8211; Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/4d55d1f5-a7b8-4029-942d-7a13e2498f64\"><span style=\"color: #333333;\">Target First Plugin 2.0 &#8211; Unauthenticated Stored XSS via Licence Key<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/372a66ca-1c3c-4429-86a5-81dbdaa9ec7d\"><span style=\"color: #333333;\">Hana Flv Player &lt;= 3.1.3 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/6b9be00b-6eef-4f9f-8f78-16ab34e16f7d\"><span style=\"color: 
#333333;\">Parcel Tracker eCourier &lt; 1.0.2 &#8211; Plugin&rsquo;s Settings Update via CSRF<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/c84ce716-f7ed-449c-b41d-daff9f19174e\"><span style=\"color: #333333;\">Ship To Ecourier &lt; 1.0.2 &#8211; Plugin&rsquo;s Settings Update via CSRF<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/2411d7d8-3c1f-4d0a-98cb-050a7adf04e5\"><span style=\"color: #333333;\">Simple Admin Language Change &lt; 2.0.2 &#8211; Arbitrary User Locale Change<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/eb8e2b9d-f153-49c9-862a-5c016934f9ad\"><span style=\"color: #333333;\">Hotjar Connecticator &lt;= 1.1.1 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/c450f54a-3372-49b2-8ad8-68d5cc0dd49e\"><span style=\"color: #333333;\">WP Customer Reviews &lt; 3.5.6 &#8211; Authenticated Stored Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/152171fc-888c-4275-a118-5a1e664ef28b\"><span style=\"color: #333333;\">Spam protection, AntiSpam, FireWall by CleanTalk &lt; 5.153.4 &#8211; Unauthenticated Blind SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"color: #333333;\"><br \/>\n<b>WordPress Theme Vulnerabilities<\/b><\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/415ca763-fe65-48cb-acd3-b375a400217e\"><span style=\"color: #333333;\">JNews &lt; 8.0.6 &#8211; Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a 
href=\"https:\/\/wpscan.com\/vulnerability\/39258aba-2449-4214-a490-b8e46945117d\"><span style=\"color: #333333;\">Car Repair Services &lt; 4.0 &#8211; Unauthenticated Reflected XSS &amp; XFS<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/57e27de4-58f5-46aa-9b59-809705733b2e\"><span style=\"color: #333333;\">Mediumish &lt;= 1.0.47 &#8211; Unauthenticated Reflected Cross-Site Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/704d8886-df9e-4217-88d1-a72a71924174\"><span style=\"color: #333333;\">Listeo &lt; 1.6.11 &#8211; Multiple XSS &amp; XFS vulnerabilities<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/9afa7e11-68b3-4196-975e-8b3f8e68ce56\"><span style=\"color: #333333;\">Listeo &lt; 1.6.11 &#8211; Multiple Authenticated IDOR Vulnerabilities<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/2c274eb7-25f1-49d4-a2c8-8ce8cecebe68\"><span style=\"color: #333333;\">Bello &lt; 1.6.0 &#8211; Authenticated Cross-Site Scripting (XSS) and XFS<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/6b5b42fd-028a-4405-b027-3266058029bb\"><span style=\"color: #333333;\">Bello &lt; 1.6.0 &#8211; Unauthenticated Reflected XSS &amp; XFS<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/7314f9fa-c047-4e0c-b145-940240a50c02\"><span style=\"color: #333333;\">Bello &lt; 1.6.0 &#8211; Unauthenticated Blind SQL Injection<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/wpscan.com\/vulnerability\/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc\"><span style=\"color: #333333;\">Goto &lt; 2.1 &#8211; Reflected Cross-Site 
Scripting (XSS)<\/span><\/a><span style=\"color: #333333;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>What to do<\/b><\/p>\n<p><span style=\"color: #ff0000;\">The vulnerabilities have not been fixed. Keep an eye on the changelog for an update that includes a fix.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4 style=\"text-align: center;\">Maintaining your WordPress site ensures regular updates to avoid bugs and hacking problems.<\/h4>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.maintenance-cms-wp.fr\/services\/maintenance-et-support-wordpress\/\">Our WordPress maintenance solutions from 34\u20ac excl. tax\/month<\/a><\/p>\n<p style=\"text-align: right;\">source: <span style=\"color: #333333;\">WPScan <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Latest plugin and WordPress security flaws Several new WordPress plugin and theme vulnerabilities were disclosed during May 2021, 
we&#8230;<\/p>\n","protected":false},"author":2,"featured_media":2687,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[31,32,30],"tags":[],"class_list":["post-8447","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-plugins","category-vulnerabilite","category-wordpress"],"_links":{"self":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/8447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/comments?post=8447"}],"version-history":[{"count":0,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/8447\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/media\/2687"}],"wp:attachment":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/media?parent=8447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/categories?post=8447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/tags?post=8447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}