TR-21-0598 (WordPress Plugin Vulnerability)

General Information

XSS, SQL Injection, and Cross-Site Request Forgery vulnerabilities have been identified in some WordPress plugins.

Impact

Because of these vulnerabilities, it is possible for cyber attackers to carry out attacks. The CVE identifiers are as follows:

CVE-2021-24468, CVE-2021-24470, CVE-2021-24472, CVE-2021-24473, CVE-2021-24474, CVE-2021-24476, CVE-2021-24477, CVE-2021-24478, CVE-2021-24479, CVE-2021-24480, CVE-2021-24481, CVE-2021-24483, CVE-2021-24484, CVE-2021-24488, CVE-2021-24492, CVE-2021-24496, CVE-2021-24498, CVE-2021-24503, CVE-2021-24504, CVE-2021-34639, CVE-2021-34628, CVE-2021-34632, CVE-2021-34635 and CVE-2021-34637

Solution

The National Cyber Incident Response Center (Ulusal Siber Olaylara Müdahale Merkezi, USOM) recommends that users and system administrators review the security advisories published by WordPress and upgrade their WordPress versions.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24468

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24470

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24472

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24473

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24474

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24476

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24477

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24478

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24479

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24480

2021-08-03