Failles de sécurité Plugins WordPress semaine 39

Failles de sécurité Plugins WordPress semaine 39

Author: WP Serveur

Date: September 25, 2020 

Category: Security

WPServeur vous informe des dernières failles de sécurité plugins et thèmes WordPress connues.

Plugins WordPress :

Simple:Press < 6.6.1 - Broken Access Control leading to RCE XCloner Backup and Restore < 4.2.153 - Cross-Site Request Forgery XCloner Backup and Restore 4.2.1 - 4.2.12 - Unprotected AJAX Action Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.5.5 - Unauthenticated Remote Code Execution Discount Rules for WooCommerce < 2.2.1 - Multiple Authorization Bypass MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS) Funnel Builder by CartFlows - Cross-Site Request Forgery (CSRF) Paid Memberships Pro - Cross-Site Request


World of WordPress is hosted by:

Servebolt: next level high performance hosting.

While others try to add more components to their hosting to make it go faster, we decided to build our hosting cloud fast from the ground up. We did so by stripping out everything we knew was deadweight.