Attention: 2 WP Core vulnerabilities APR 2021

WP CORE VULNERABILITY APR 2021

WP Core Vulnerability APR 2021:

Authenticated XXE Within the Media Library Affecting PHP 8

For your awareness of the LATEST WP Core Vulnerability APR 2021. It has been publicly known since its first official report on 2022-04-15 or its official disclosure on 2022-04-28. All versions of WordPress from 5.6 to 5.7 have the Authenticated XXE Within the Media Library Affecting PHP 8 vulnerability.

WordPress 5.6-5.7 – Authenticated XXE Within the Media Library Affecting PHP 8
CVE-2021-29447
References: Changeset 29378


Impact – What can an attacker do:
A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. WordPress used an audio parsing library called ID3 that was affected by an XML External Entity (XXE) vulnerability affecting PHP versions 8 and above.
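
A stopgap a site owner could deploy on the upload path described above, written as a must-use plugin. This is an added example, not WordPress core code or the advisory author's; the `example_` function names are hypothetical, and it assumes the standard `wp_handle_upload_prefilter` filter, refusing any upload whose bytes contain an XML DTD keyword.

```php
<?php
// Added example, not WordPress core code; "example_" names are hypothetical.
/** Scan a file in chunks; return the first DTD keyword found, or null. */
function example_find_dtd_marker( string $path ): ?string {
	$needles = array();
	// XML keywords are case-sensitive, so exact byte matching is enough.
	foreach ( array( '<!DOCTYPE', '<!ENTITY' ) as $marker ) {
		$wide = implode( "\0", str_split( $marker ) );
		// Same keyword as UTF-8, UTF-16LE and UTF-16BE bytes.
		foreach ( array( $marker, $wide . "\0", "\0" . $wide ) as $bytes ) {
			$needles[ $bytes ] = $marker;
		}
	}
	$handle = fopen( $path, 'rb' );
	if ( false === $handle ) {
		return null;
	}
	$tail = '';
	while ( ! feof( $handle ) ) {
		$chunk = fread( $handle, 65536 );
		if ( false === $chunk ) {
			break;
		}
		$window = $tail . $chunk;
		foreach ( $needles as $bytes => $marker ) {
			if ( false !== strpos( $window, $bytes ) ) {
				fclose( $handle );
				return $marker;
			}
		}
		$tail = substr( $window, -32 ); // Overlap: catch a marker split across reads.
	}
	fclose( $handle );
	return null;
}

/** wp_handle_upload_prefilter callback: a non-empty 'error' refuses the upload. */
function example_block_dtd_uploads( array $file ): array {
	if ( empty( $file['tmp_name'] ) || ! is_readable( $file['tmp_name'] ) ) {
		$file['error'] = 'Upload rejected: file could not be inspected.';
	} elseif ( null !== ( $marker = example_find_dtd_marker( $file['tmp_name'] ) ) ) {
		$file['error'] = "Upload rejected: file contains an XML {$marker} declaration.";
	}
	return $file;
}

// Register only when loaded inside WordPress, for example as a must-use plugin.
if ( function_exists( 'add_filter' ) ) {
	add_filter( 'wp_handle_upload_prefilter', 'example_block_dtd_uploads' );
}
```

The check is deliberately coarse: it also refuses legitimate XML-based files that declare a DOCTYPE, so scope it to the file types the site accepts.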

Get healthy, stay healthy: a healthier online business starts today, and it starts with you!

WP Core Vulnerability APR 2021:

Authenticated Password Protected Pages Exposure

For your awareness of the LATEST WP Core Vulnerability APR 2021. It has been publicly known since its first official report on 2022-04-15 or its official disclosure on 2022-04-27. All versions of WordPress from 4.7 to 5.7 have the Authenticated Password Protected Pages Exposure vulnerability.

WordPress 4.7-5.7 – Authenticated Password Protected Pages Exposure
CVE-2021-29450
References: Changeset 50717


Impact – What can an attacker do:
The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the “edit” context is used. This requires at least contributor privileges.

Protect your WordPress: BEFORE IT IS TOO LATE! You will also protect your customers, your reputation and your online business!
