Vulnerabilities in WordPress plugins

Description

Over the course of April and the beginning of May, several vulnerabilities affecting a number of WordPress plugins have been published. All of them are Cross-Site Scripting (XSS) vulnerabilities, whether persistent, reflected or unauthenticated.

Affected resources

The affected plugins, the vulnerability, its severity and the version in which each security flaw was fixed are listed below:

| Plugin | Vulnerability | Severity | Patched version |
|---|---|---|---|
| goto | Reflected XSS | Low | 2 |
| bello | Unauthenticated SQL Injection | High | 1.5.8 |
| add-search-to-menu | Reflected XSS | Low | 4.6.1 |
| cooked-pro | Reflected XSS | Low | 1.7.5.6 |
| advanced-booking-calendar | Authenticated XSS | Low | 1.6.8 |
| woocommerce-customers-manager | Authenticated XSS | Low | 26.7 |
| wp-pagebuilder | Multiple Stored Cross-Site Scripting | Medium | 1.2.4 |
| advanced-custom-fields-pro | Reflected XSS | Low | 5.9.1 |
| essential-addons-for-elementor-lite | Multiple Authenticated XSS | Medium | 4.5.4 |
| header-footer-elementor | Multiple Authenticated Stored XSS | Medium | 1.5.8 |
| ultimate-elementor | Multiple Authenticated Stored XSS | Medium | 1.30.0 |
| premium-addons-for-elementor | Multiple Authenticated Stored XSS | Medium | 4.2.8 |
| elementskit-lite | Multiple Authenticated Stored XSS | Medium | 2.2.0 |
| addon-elements-for-elementor-page-builder | Multiple Authenticated XSS | Low | 1.11.2 |
| addons-for-elementor | Multiple Authenticated Stored XSS | Medium | 6.8 |
| ht-mega-for-elementor | Multiple Authenticated Stored XSS | Medium | 1.5.7 |
| woolentor-addons | Multiple Authenticated Stored XSS | Medium | 1.8.6 |
| powerpack-lite-for-elementor | Multiple Authenticated Stored XSS | Medium | 2.3.2 |
| image-hover-effects-addon-for-elementor | Multiple Authenticated Stored XSS | Medium | 1.3.4 |
| rife-elementor-extensions | Multiple Authenticated Stored XSS | Medium | 1.1.6 |
| the-plus-addons-for-elementor-page-builder | Multiple Authenticated Stored XSS | Medium | 2.0.6 |
| widgetkit-for-elementor | Multiple Authenticated Stored XSS | Medium | 2.3.10 |
| jetwidgets-for-elementor | Multiple Authenticated Stored XSS | Medium | 1.0.9 |
| sina-extension-for-elementor | Multiple Authenticated Stored XSS | Medium | 3.3.12 |
| dethemekit-for-elementor | Multiple Authenticated Stored XSS | Medium | 1.5.5.5 |
| easy-digital-downloads | Cross-Site Request Forgery | Low | 2.10.3 |
| slider-range-htapps | Unauthenticated XSS | Low | 1.1.10 |
| woo-billing-with-invoicexpress | Unauthenticated XSS | Low | 3.0.3 |
| seo-redirection | Multiple Authenticated Stored XSS | Medium | 6.4 |
| seo-redirection | Unauthenticated XSS | Low | 6.4 |
| all-404-redirect-to-homepage | Multiple Authenticated Stored XSS | Medium | 1.21 |
| give | Authenticated Persistent XSS | Medium | 2.10.2 |
| rss-for-yandex-turbo | Authenticated Persistent XSS | Medium | 1.3 |
| wp-db-backup | Authenticated Persistent XSS | Medium | 2.4 |
| better-wp-security | Hide Backend Bypass vulnerability | Medium | 7.9.1 |
| ultimate-maps-by-supsystic | Reflected XSS | Low | 1.2.5 |
| popup-by-supsystic | Reflected XSS | Low | 1.10.5 |
| goto | Unauthenticated Blind SQL Injection | High | 2.1 |
| wp-super-cache | Authenticated Persistent XSS | Medium | 1.7.3 |
| woocommerce | Authenticated Persistent XSS | Medium | 5.2.0 |
| nextgen-gallery-pro | Reflected XSS | Low | 3.1.11 |
| select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons | Reflected XSS | Low | 1.3.2 |
| accordions | Authenticated Reflected XSS | Low | 2.2.30 |

Solution

To fix all of these vulnerabilities, update each affected plugin to the version indicated above. Updating WordPress itself is not enough: plugins can also be an attack vector.
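The following script is an added example, not part of the advisory or of CCN-CERT's material: it compares the plugin versions installed on a site against the patched versions from the table above and reports which plugins still need updating. It assumes the plugin inventory is obtained as JSON in the shape of WP-CLI's `wp plugin list --format=json` output (a constructed sample is embedded), and the patched-version map covers only a subset of the table.

```python
import json
import re

# Subset of the advisory's table (plugin slug -> first patched version).
# Extend this dict with the remaining rows of the table above.
# goto appears twice in the advisory (2 and 2.1); the higher one is used.
PATCHED_VERSIONS = {
    "goto": "2.1",
    "bello": "1.5.8",
    "woocommerce": "5.2.0",
    "wp-super-cache": "1.7.3",
    "better-wp-security": "7.9.1",
    "elementskit-lite": "2.2.0",
    "dethemekit-for-elementor": "1.5.5.5",
}

def version_key(version):
    """Turn '1.5.5.5' into (1, 5, 5, 5); non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_older(installed, required):
    """True if installed < required, padding with zeros so that '2' == '2.0'."""
    a, b = version_key(installed), version_key(required)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def outdated_plugins(plugin_list_json):
    """Return (slug, installed, patched) for listed plugins below the patched version.

    Inactive plugins are reported as well: their files are still on disk."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        required = PATCHED_VERSIONS.get(plugin["name"])
        if required and is_older(plugin["version"], required):
            findings.append((plugin["name"], plugin["version"], required))
    return findings

# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "goto", "status": "active", "update": "available", "version": "2.0"},
    {"name": "bello", "status": "active", "update": "none", "version": "1.5.8"},
    {"name": "woocommerce", "status": "active", "update": "available", "version": "5.1.0"},
    {"name": "wp-super-cache", "status": "inactive", "update": "none", "version": "1.7.3"},
    {"name": "dethemekit-for-elementor", "status": "active", "update": "none", "version": "1.5.5"},
    {"name": "akismet", "status": "active", "update": "none", "version": "4.1.9"},
])

if __name__ == "__main__":
    for slug, installed, patched in outdated_plugins(SAMPLE_PLUGIN_LIST):
        print(f"{slug}: installed {installed}, update to {patched} or later")
```

On a real site, feed the script the output of `wp plugin list --format=json` instead of the embedded sample.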

References

CCN-CERT publication – WordPress
