139 vulnerabilities were disclosed in WordPress software last week.
Last week, 139 vulnerabilities were disclosed in 105 WordPress plugins and 2 WordPress themes and added to the Wordfence Intelligence vulnerability database by the Wordfence Threat Intelligence team.
The team also deployed 1 new firewall rule that gives Wordfence Premium, Care and Response customers enhanced protection against a vulnerability that is already under active exploitation. Free Wordfence users receive the same rule after a 30-day delay, so if you are on the free plugin, do not wait for the rule: update the affected plugin now.
P.S. If you use the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site was affected by any of these vulnerabilities.
At Farweb, we have updated the affected plugins and themes so that they no longer pose a risk to your website.
The mission of Wordfence Intelligence (the vulnerability database behind the Wordfence security plugin) is to make vulnerability information easily accessible to everyone. This article was translated directly from their newsletter.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence team reviews each vulnerability to determine its impact and severity and to assess the likelihood of exploitation, in order to verify that the Wordfence firewall provides sufficient protection.
Last week the team deployed enhanced protection, via firewall rules delivered in real time to Premium, Care and Response customers, for the following vulnerability:
Essential Addons for Elementor <= 5.7.1 – Unauthenticated Arbitrary Password Reset to Privilege Escalation.
This vulnerability is being actively exploited. Wordfence blocked more than 600 exploit attempts in the preceding 24 hours and expects this to continue. Because the flaw is exploitable without authentication and leads to privilege escalation, sites running version 5.7.1 or earlier should update immediately and review administrator accounts and recent password resets for signs of compromise.
Wordfence Premium, Care and Response customers received this protection immediately, while users of the free version of Wordfence will receive the enhanced protection after a 30-day delay.
Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Unpatched | 47 |
| Patched | 92 |

"Unpatched" means no fixed version of the plugin or theme was available at the time of the report. For those entries, updating is not an option; the usual mitigation is to deactivate and remove the affected plugin or theme until a patched release exists.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| --- | --- |
10Web Social Post Feed | wd-facebook-feed |
Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
Add Posts to Pages | add-posts-to-pages |
Announcement & Notification Banner – Bulletin | bulletin-announcements |
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
Block Referer Spam | block-referer-spam |
Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
Brands for WooCommerce | brands-for-woocommerce |
Button | button |
CALL ME NOW | lokalyze-call-now |
CM On Demand Search And Replace | cm-on-demand-search-and-replace |
Column-Matic | column-matic |
Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
Custom Base Terms | custom-base-terms |
Custom Field Suite | custom-field-suite |
DBargain | d-bargain |
DevBuddy Twitter Feed | devbuddy-twitter-feed |
Directorist – WordPress Business Directory Plugin with Classified Ads Listings | directorist |
Don8 | don8 |
Donations Made Easy – Smart Donations | smart-donations |
Download Manager | download-manager |
Download Monitor | download-monitor |
Dyslexiefont Free | dyslexiefont |
Easy Form by AYS | easy-form |
Easy Hide Login | easy-hide-login |
Elementor Website Builder | elementor |
Essential Addons for Elementor | essential-addons-for-elementor-lite |
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | google-analytics-dashboard-for-wp |
Featured Image Pro Post Grid | featured-image-pro |
Forget About Shortcode Buttons | forget-about-shortcode-buttons |
Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors | notifyvisitors-lead-form |
Frontend Post WordPress Plugin – AccessPress Anonymous Post | accesspress-anonymous-post |
GTmetrix for WordPress | gtmetrix-for-wordpress |
Get your number | get-your-number |
GiveWP – Donation Plugin and Fundraising Platform | give |
Google Site Verification plugin using Meta Tag | google-site-verification-using-meta-tag |
Hide My WP Ghost – Security Plugin | hide-my-wp |
Hostel | hostel |
Hyphenator | hyphenator |
Injection Guard | injection-guard |
LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress | letterpress |
Link Whisper Free | link-whisper |
Locatoraid Store Locator | locatoraid |
MW WP Form | mw-wp-form |
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
Manager for Icomoon | manager-for-icomoon |
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
My WP Customize Admin/Frontend | my-wp |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | mailin |
Order Your Posts Manually | order-your-posts-manually |
Owl Carousel | owl-carousel |
Pinterest RSS Widget | pinterest-rss-widget |
Portfolio Gallery – Responsive Image Gallery | gallery-portfolio |
Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | buddyforms |
Post Snippets – Custom WordPress Code Snippets Customizer | post-snippets |
Post State Tags | post-state-tags |
Pricing Table Builder – AP Pricing Tables Lite | ap-pricing-tables-lite |
Pro Mime Types | pro-mime-types |
Product page shipping calculator for WooCommerce | product-page-shipping-calculator-for-woocommerce |
QuBot – Chatbot Builder with Templates | qubotchat |
Quick Page/Post Redirect Plugin | quick-pagepost-redirect-plugin |
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | radio-station |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Restaurant Menu – Food Ordering System – Table Reservation | menu-ordering-reservations |
SALERT – Fake Sales Notification WooCommerce | salert |
SEO by 10Web | seo-by-10web |
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
Simple Calendar – Google Calendar Plugin | google-calendar-events |
Slimstat Analytics | wp-slimstat |
Snow Monkey Forms | snow-monkey-forms |
SoundCloud Is Gold | soundcloud-is-gold |
Sunny Search | fast-search-powered-by-solr |
Team Circle Image Slider With Lightbox | circle-image-slider-with-lightbox |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
VK Blocks | vk-blocks |
VK Blocks Pro | vk-blocks-pro |
WCP Contact Form | wcp-contact-form |
WP Abstracts | wp-abstracts-manuscripts-manager |
WP All Backup | wp-all-backup |
WP Category Post List Widget | wp-category-posts-list |
WP Chinese Conversion | wp-chinese-conversion |
WP Multi Store Locator | wp-multi-store-locator |
WP Reactions Lite | wp-reactions-lite |
WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
WP Replicate Post | wp-replicate-post |
WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
WP-Chatbot for Messenger | wp-chatbot |
WPCS – WordPress Currency Switcher Professional | currency-switcher |
Web Stories for WordPress | UNKNOWN-CVE-2023-1979-1 |
Whydonate – FREE Donate button – Crowdfunding – Fundraising | wp-whydonate |
Wise Chat | wise-chat |
Woo Custom Emails | woo-custom-emails |
Woodmart Core | woodmart-core |
WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
YITH WooCommerce Gift Cards Premium | yith-woocommerce-gift-cards-premium |
Yoast SEO Premium | wordpress-seo-premium |
Yoast SEO: Local | wpseo-local |
Zero Spam for WordPress | zero-spam |
eBecas | ebecas |
iframe popup | iframe-popup |
itemprop WP for SERP/SEO Rich snippets | itempropwp |
weebotLite | weebotlite |
wordpress vertical image slider plugin | wp-vertical-image-slider |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| --- | --- |
Divi | Divi |
Woodmart | woodmart |