WordPress Vulnerability & Patch Roundup December 2022
2022-12-29 06:58:4 Author: blog.sucuri.net(查看原文) 阅读量:38 收藏

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.


Autoptimize — Sensitive Data Exposure

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2022-4057
Number of Installations: 1,000,000+
Affected Software: Autoptimize <=3.0.4
Patched Versions: Autoptimize 3.1.0

Easily guessable paths are used to store the plugin’s exported settings and logs, potentially allowing a bad actor to gain unauthorized access to sensitive information.

Mitigation steps: Update to Autoptimize plugin version 3.1.0 or greater.


Loginizer — Cross-Site Scripting

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-45084
Number of Installations: 1,000,000+
Affected Software: Loginizer <= 1.7.5
Patched Versions: Loginizer 1.7.6

A parameter is not properly sanitized and escaped, potentially leading to malicious script injections and cross-site scripting attacks.

Mitigation steps: Update to Loginizer plugin version 1.7.6 or greater.


YITH WooCommerce Wishlist — Cross Site Request Forgery

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 900,000+
Affected Software: YITH WooCommerce Wishlist <= 3.14.0
Patched Versions: YITH WooCommerce Wishlist 3.15.0

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH WooCommerce Wishlist plugin version 3.15.0 or greater.


Table of Contents Plus — Stored Cross-Site Scripting

Security Risk: Medium
Exploitation Level: Requires contributor level or higher.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-4479
Number of Installations: 300,000+
Affected Software: Table of Contents Plus < 2212
Patched Versions: Table of Contents Plus 2212

Some shortcode attributes are not properly validated and escaped by the plugin, potentially allowing an attacker with contributor role or higher to perform stored cross-site scripting attacks.

Mitigation steps: Update to Table of Contents Plus plugin version 2212 or greater.


ProfilePress — Cross Site Scripting

Security Risk: Medium
Exploitation Level: Requires admin or other high level authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-4697
Number of Installations: 300,000+
Affected Software: ProfilePress <= 4.5.0
Patched Versions: ProfilePress 4.5.1

The plugin does not properly sanitize inputs or escape outputs in a parameter, potentially allowing an authenticated bad actor to perform cross site scripting attacks.

Mitigation steps: Update to ProfilePress plugin version 4.5.1 or greater.


YITH WooCommerce Compare — Cross Site Request Forgery

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 200,000+
Affected Software: YITH WooCommerce Compare <= 2.20.0
Patched Versions: YITH WooCommerce Compare 2.20.1

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH WooCommerce Compare plugin version 2.20.1 or greater.


Slimstat Analytics — Unauthenticated Cross-Site Scripting

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting
CVE: CVE-2022-4310
Number of Installations: 100,000+
Affected Software: Slimstat Analytics <= 4.9.2
Patched Versions: Slimstat Analytics 4.9.3

Mitigation steps: Update to Slimstat Analytics plugin version 4.9.3 or greater.


YITH WooCommerce Quick View — Cross Site Request Forgery

Security Risk: Medium
Exploitation Level:  No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 100,000+
Affected Software: YITH WooCommerce Quick View <= 1.21.0
Patched Versions: YITH WooCommerce Quick View 1.21.1

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH WooCommerce Quick View plugin version 1.21.1 or greater.


Download Manager — Stored Cross-Site Scripting

Security Risk: Medium
Exploitation Level: Requires contributor or higher authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-4476
Number of Installations: 100,000+
Affected Software: Download Manager <= 3.2.61
Patched Versions: Download Manager 3.2.62

Some shortcode attributes are not properly validated and escaped by the plugin, potentially allowing an attacker with contributor role or higher to perform stored cross-site scripting attacks.

Mitigation steps: Update to Download Manager plugin version 3.2.62 or greater.


Smash Balloon Social Post Feed — Stored Cross-Site Scripting

Security Risk: Medium
Exploitation Level: Requires contributor or higher authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-4477
Number of Installations: 100,000+
Affected Software: Smash Balloon Social Post Feed <= 4.1.5
Patched Versions: Smash Balloon Social Post Feed  4.1.6

Some shortcode attributes are not properly validated and escaped by the plugin, potentially allowing an attacker with contributor role or higher to perform stored cross-site scripting attacks.

Mitigation steps: Update to Smash Balloon Social Post Feed plugin version 4.1.6 or greater.


Mesmerize Companion — Stored Cross-Site Scripting

Security Risk: Medium
Exploitation Level: Requires contributor or higher authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-4481
Number of Installations: 100,000+
Affected Software: Mesmerize Companion <= 1.6.134
Patched Versions: Mesmerize Companion 1.6.135

Some shortcode attributes are not properly validated and escaped by the plugin, potentially allowing an attacker with contributor role or higher to perform stored cross-site scripting attacks.

Mitigation steps: Update to Mesmerize Companion plugin version 1.6.135 or greater.


YITH WooCommerce Catalog Mode — Cross Site Request Forgery

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 60,000+
Affected Software: YITH WooCommerce Catalog Mode <= 2.16.0
Patched Versions: YITH WooCommerce Catalog Mode 2.16.1

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH WooCommerce Catalog Mode plugin version 2.16.1 or greater.


Afterpay Gateway for WooCommerce — Reflected Cross-Site Scripting

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-29416
Number of Installations: 10,000+
Affected Software: Afterpay Gateway for WooCommerce <= 3.5.0
Patched Versions: Afterpay Gateway for WooCommerce 3.5.1

A parameter is not properly sanitized and escaped before being outputted back into the page, which can potentially lead to a reflected cross-site scripting attack.

Mitigation steps: Update to Afterpay Gateway for WooCommerce plugin version 3.5.1 or greater.


YITH WooCommerce Order & Shipment Tracking — CSRF

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 10,000+
Affected Software: YITH WooCommerce Order & Shipment Tracking <= 2.7.0
Patched Versions: YITH WooCommerce Order & Shipment Tracking 2.8.0

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH WooCommerce Order & Shipment Tracking plugin version 2.8.0 or greater.


YITH Essential Kit for WooCommerce #1 — CSRF

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 10,000+
Affected Software: YITH Essential Kit for WooCommerce #1 <= 2.13.0
Patched Versions: YITH Essential Kit for WooCommerce #1 2.14.0

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH Essential Kit for WooCommerce #1 plugin version 2.14.0 or greater.


YITH Infinite Scrolling — Cross Site Request Forgery

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2022-44630
Number of Installations: 10,000+
Affected Software: YITH Infinite Scrolling <= 1.7.0
Patched Versions: YITH Infinite Scrolling 1.8.0

A CSRF vulnerability in the plugin can potentially allow a bad actor to force admins or other high privilege users into executing unwanted actions.

Mitigation steps: Update to YITH Infinite Scrolling plugin version or greater.


GD bbPress Attachments — Stored Cross-Site Scripting

Security Risk: Low
Exploitation Level: Requires admin or other high privilege authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-45816
Number of Installations: 8,000+
Affected Software: GD bbPress Attachments <= 4.3
Patched Versions: GD bbPress Attachments 4.4

Some settings are not properly escaped and sanitized, potentially allowing an admin or other high privilege user to perform stored cross-site scripting attacks.

Mitigation steps: Update to GD bbPress Attachments plugin version 4.4 or greater.


Chained Quiz — Multiple Reflected Cross-Site Scripting

Security Risk: Low
Exploitation Level: No authentication required.
Vulnerability: Cross-Site Scripting
CVE:
CVE-2022-4208
CVE-2022-4209
CVE-2022-4210
CVE-2022-4211
CVE-2022-4212
Number of Installations: 2,000+
Affected Software: Chained Quiz <= 1.3.2.2
Patched Versions: Chained Quiz <= 1.3.2.3

The datef, pointsf, ipf, email and dnf parameters are not properly sanitized and escaped by the plugin, potentially leading to reflected cross-site scripting attacks.

Mitigation steps: Update to Chained Quiz plugin version 1.3.2.3 or greater.

Update your website software to mitigate risk. Users who are not able to update their software with the latest version are encouraged to use a web application firewall to help virtually patch known vulnerabilities and protect their website.

文章来源: https://blog.sucuri.net/2022/12/wordpress-vulnerability-patch-roundup-december-2022.html
如有侵权请联系:admin#unsafe.sh