WordPress Vulnerability & Patch Roundup January 2023
2023-1-31 03:12:44 Author: blog.sucuri.net

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected. If you don’t have it installed yet, you can use our web application firewall to protect against known vulnerabilities.


SiteGround Security – SQL Injection

Security Risk: Low
Exploitation Level: Requires Admin authentication.
Vulnerability: Injection
CVE: CVE-2023-0234
Number of Installations: 700,000+
Affected Software: SiteGround Security <= 1.3.0
Patched Versions: SiteGround Security 1.3.1

User input is not properly sanitized by the plugin prior to use in an SQL query, which could potentially allow authenticated SQL injection.

Mitigation steps: Update to SiteGround Security plugin version 1.3.1 or greater.


ExactMetrics – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor level authentication or higher.
Vulnerability: Cross-Site Scripting (XSS)
CVE: CVE-2023-0082
Number of Installations: 700,000+
Affected Software: ExactMetrics <= 7.12.0
Patched Versions: ExactMetrics 7.12.1

Block options are not properly validated and escaped prior to being output back on a page or post where the block is embedded, potentially allowing Contributors or higher to perform stored cross site scripting attacks.

Mitigation steps: Update to ExactMetrics plugin version 7.12.1 or greater.


Enable Media Replace – Arbitrary File Upload

Security Risk: Medium
Exploitation Level: Requires Author level authentication or higher.
Vulnerability: Arbitrary File Upload
CVE: CVE-2023-0255
Number of Installations: 600,000+
Affected Software: Enable Media Replace <= 4.0.1
Patched Versions: Enable Media Replace 4.0.2

Authors and other high-privilege authenticated users are potentially able to upload arbitrary files to affected environments.

Mitigation steps: Update to Enable Media Replace plugin version 4.0.2 or greater.
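To make the Enable Media Replace entry concrete, here is an added example (not the plugin's own code) of a hypothetical "replace this attachment's file" handler, first in the unchecked form that makes arbitrary file upload possible and then with the validation a WordPress upload handler should perform. It assumes a WordPress runtime (the wp_* functions are real WordPress APIs); the function names, the nonce action and the `userfile` field are assumptions for the example.

```php
<?php
// Added example, not Enable Media Replace's code. Assumes it runs inside
// WordPress and is wired to an admin-post.php action. Function names, the
// nonce action and the form field name are hypothetical.
require_once ABSPATH . 'wp-admin/includes/image.php';

// Vulnerable pattern: trusts the client-supplied file as-is.
function hypothetical_replace_file_unsafe( int $attachment_id ) {
    $target = get_attached_file( $attachment_id );
    // No capability, nonce or type validation: whatever was uploaded is
    // moved straight into wp-content/uploads under the attachment's path.
    move_uploaded_file( $_FILES['userfile']['tmp_name'], $target );
}

// Hardened pattern.
function hypothetical_replace_file_safe( int $attachment_id ) {
    // 1. Only users allowed to edit this attachment may replace it.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. The request must carry a valid nonce (stops CSRF driving this action).
    check_admin_referer( 'hypothetical_replace_' . $attachment_id );

    if ( empty( $_FILES['userfile']['tmp_name'] ) || ! is_uploaded_file( $_FILES['userfile']['tmp_name'] ) ) {
        wp_die( 'No file uploaded', '', array( 'response' => 400 ) );
    }

    // 3. Let WordPress determine the real type from the name *and* the file
    //    contents, honouring the site's allowed MIME list.
    $check = wp_check_filetype_and_ext(
        $_FILES['userfile']['tmp_name'],
        sanitize_file_name( $_FILES['userfile']['name'] )
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'File type not permitted', '', array( 'response' => 415 ) );
    }

    // 4. A replacement must keep the original attachment's MIME type, so an
    //    image can only be swapped for another image, never for a script.
    if ( get_post_mime_type( $attachment_id ) !== $check['type'] ) {
        wp_die( 'Replacement must have the same type as the original', '', array( 'response' => 415 ) );
    }

    // 5. Write to the attachment's existing path, never to a client-chosen one.
    $target = get_attached_file( $attachment_id );
    if ( ! move_uploaded_file( $_FILES['userfile']['tmp_name'], $target ) ) {
        wp_die( 'Could not write file', '', array( 'response' => 500 ) );
    }

    // 6. Regenerate thumbnails and metadata so cached sizes match the new file.
    wp_update_attachment_metadata(
        $attachment_id,
        wp_generate_attachment_metadata( $attachment_id, $target )
    );
}
```

The two checks that matter most are steps 3 and 4: `wp_check_filetype_and_ext()` rejects a file whose claimed extension does not match its contents or is outside the site's allowed list, and comparing against the original attachment's MIME type closes the gap where an allowed-but-different type (say a renamed HTML or SVG file) is substituted for an image.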


Spectra WordPress Gutenberg Blocks – Stored Cross Site Scripting

Security Risk: Medium
Exploitation Level: Requires Contributor level authentication or higher.
Vulnerability: Cross-Site Scripting (XSS)
CVE: CVE-2020-36656
Number of Installations: 400,000+
Affected Software: Spectra < 2.3.2
Patched Versions: Spectra 2.3.2

User inputs are not properly sanitized by the plugin, potentially allowing contributors and other high level authenticated users to conduct stored cross-site scripting attacks.

Mitigation steps: Update to Spectra plugin version 2.3.2 or greater.


GiveWP – SQL Injection

Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Injection
CVE: CVE-2023-0224
Number of Installations: 100,000+
Affected Software: GiveWP <= 2.24.0
Patched Versions: GiveWP 2.24.1

User input is not properly escaped by the plugin, potentially allowing unauthenticated users to perform SQL injection attacks on affected websites.

Mitigation steps: Update to GiveWP plugin version 2.24.1 or greater.


Better Font Awesome – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor level authentication or higher.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4512
Number of Installations: 100,000+
Affected Software: Better Font Awesome < 2.0.4
Patched Versions: Better Font Awesome 2.0.4

Shortcode attributes are not properly validated and escaped prior to outputting into a page or post where the shortcode is embedded, potentially allowing contributors or other high level authenticated users to perform stored cross site scripting attacks.

Mitigation steps: Update to Better Font Awesome plugin version 2.0.4 or greater.


LearnPress – SQL Injection

Security Risk: High
Exploitation Level: No authentication needed.
Vulnerability: Injection
CVE: CVE-2022-45808
Number of Installations: 100,000+
Affected Software: LearnPress <= 4.1.7.3.2
Patched Versions: LearnPress 4.2.0

User input is not properly escaped by the plugin, potentially allowing an unauthenticated user to perform SQL injection attacks on affected websites.

Mitigation steps: Update to LearnPress plugin version 4.2.0 or greater.
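The SiteGround Security, GiveWP and LearnPress entries all describe the same root cause: request data reaching an SQL string without being bound as a parameter. The following added example (not code from any of those plugins) shows the pattern in a hypothetical WordPress query helper, before and after, including the two cases `$wpdb->prepare()` does not cover on its own: `IN (...)` lists and identifiers such as `ORDER BY` columns. It assumes a WordPress runtime so the global `$wpdb` exists; the table and column names are assumptions.

```php
<?php
// Added example, not code from SiteGround Security, GiveWP or LearnPress.
// Assumes a WordPress runtime (global $wpdb). Table and column names are
// hypothetical.

// Vulnerable pattern: user input spliced straight into the query string.
function hypothetical_find_entries_unsafe( string $status, string $order_by ) {
    global $wpdb;
    $table = $wpdb->prefix . 'hypothetical_entries';
    // Both values arrive from the request untouched. Note that esc_sql() on
    // $order_by would not help either: it is an identifier, not a literal.
    return $wpdb->get_results(
        "SELECT id, title FROM {$table} WHERE status = '{$status}' ORDER BY {$order_by}"
    );
}

// Hardened pattern.
function hypothetical_find_entries_safe( string $status, string $order_by, array $ids = array() ) {
    global $wpdb;
    $table = $wpdb->prefix . 'hypothetical_entries';

    // Values: always bound through prepare() placeholders.
    $sql    = "SELECT id, title FROM {$table} WHERE status = %s";
    $params = array( $status );

    // Lists: one placeholder per element, each element cast to int first.
    if ( $ids ) {
        $ids          = array_map( 'absint', $ids );
        $placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
        $sql         .= " AND id IN ({$placeholders})";
        $params       = array_merge( $params, $ids );
    }

    // Identifiers (column names, sort direction) cannot be bound as
    // parameters; map the request value through an allow-list instead.
    $allowed_columns = array( 'id' => 'id', 'title' => 'title', 'created' => 'created_at' );
    $column          = isset( $allowed_columns[ $order_by ] ) ? $allowed_columns[ $order_by ] : 'id';
    $sql            .= " ORDER BY {$column}";

    // prepare() accepts the bound values as a single array argument.
    return $wpdb->get_results( $wpdb->prepare( $sql, $params ) );
}
```

The allow-list for `ORDER BY` is the part most often missed in plugin code: escaping functions protect string literals, but a column name or direction keyword is structural SQL, so the only safe source for it is a fixed map maintained by the plugin.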


Royal Elementor Addons and Templates – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4710
Number of Installations: 100,000+
Affected Software: Royal Elementor <= 1.3.59
Patched Versions: Royal Elementor 1.3.60

A parameter is not properly escaped and outputted by the plugin, potentially allowing an unauthenticated attacker to inject arbitrary code and perform reflected cross-site scripting attacks on affected websites.

Mitigation steps: Update to Royal Elementor plugin version 1.3.60 or greater.


Strong Testimonials – Stored Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires contributor or higher.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4717
Number of Installations:
Affected Software: Strong Testimonials <= 3.0.2
Patched Versions: Strong Testimonials 3.0.3

Some shortcode attributes are not properly validated and escaped prior to being outputted back into a page, potentially allowing a Contributor or other user with high level authentication to perform stored cross site scripting attacks.

Mitigation steps: Update to Strong Testimonials plugin version 3.0.3 or greater.


HUSKY (formerly WOOF) – PHP Object Injection

Security Risk: Low
Exploitation Level: Requires Admin authentication.
Vulnerability: Injection
CVE: CVE-2022-4489
Number of Installations: 100,000+
Affected Software: HUSKY (formerly WOOF) < 1.3.2
Patched Versions: HUSKY (formerly WOOF) 1.3.2

User input provided in the settings is unserialized by the plugin, potentially allowing admins or other high privilege users to perform PHP object injections.

Mitigation steps: Update to HUSKY plugin version 1.3.2 or greater.
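The HUSKY entry is a deserialization sink: a settings string supplied by a user is passed to `unserialize()`, which instantiates whatever class the payload names. The added example below (not HUSKY's code) shows that pattern next to two safer ways of importing the same settings structure. The core of it is plain PHP; the `update_option()` wrapper at the end assumes a WordPress runtime. The option name and settings keys are assumptions.

```php
<?php
// Added example, not HUSKY's code. Option name and settings keys are
// hypothetical; only hypothetical_save_settings() needs WordPress.

// Vulnerable pattern: a serialized string straight from the request.
// PHP instantiates any class named in the payload and later runs its
// __wakeup()/__destruct(), so every class loaded by WordPress, the theme
// and other plugins becomes reachable from user input.
function hypothetical_import_settings_unsafe( string $serialized ) {
    return unserialize( $serialized );
}

// Safer pattern 1: forbid object instantiation. Objects in the payload come
// back as __PHP_Incomplete_Class and no magic methods run.
function hypothetical_import_settings_restricted( string $serialized ) {
    $data = @unserialize( $serialized, array( 'allowed_classes' => false ) );
    return is_array( $data ) ? $data : array();
}

// Safer pattern 2 (preferred): do not accept PHP's serialization format
// across a trust boundary at all. JSON can only express scalars, lists and
// maps, and the result is then validated field by field against a schema.
function hypothetical_import_settings_json( string $json ) {
    $data = json_decode( $json, true );
    if ( ! is_array( $data ) ) {
        return array();
    }
    $taxonomies = array();
    if ( isset( $data['taxonomies'] ) && is_array( $data['taxonomies'] ) ) {
        // Keep only alphanumeric taxonomy slugs; drop everything else.
        $taxonomies = array_values( array_filter( array_map( 'strval', $data['taxonomies'] ), 'ctype_alnum' ) );
    }
    // Unknown keys are dropped; known keys are coerced to the expected type and range.
    return array(
        'per_page'   => isset( $data['per_page'] ) ? max( 1, min( 100, (int) $data['per_page'] ) ) : 12,
        'show_count' => ! empty( $data['show_count'] ),
        'taxonomies' => $taxonomies,
    );
}

// WordPress wrapper (assumes a WordPress runtime). update_option() serializes
// the array internally, but only already-validated data reaches that step,
// and the caller must hold the capability to change settings at all.
function hypothetical_save_settings( string $json_from_request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    return update_option( 'hypothetical_settings', hypothetical_import_settings_json( $json_from_request ) );
}
```

Pattern 1 is the minimal fix when the storage format cannot be changed; pattern 2 removes the sink entirely, which is why it is the better long-term choice even though the vulnerability requires an administrator (an attacker who has obtained an admin session, or a CSRF against one, still should not be able to reach code execution through a settings form).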


WP Show Posts – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4459
Number of Installations: 100,000+
Affected Software: WP Show Posts <= 1.1.3
Patched Versions: WP Show Posts 1.1.4

Some shortcode attributes are not properly validated and escaped prior to outputting back into a page, potentially allowing a Contributor or other high level authenticated user to perform stored cross site scripting attacks on affected websites.

Mitigation steps: Update to WP Show Posts plugin version 1.1.4 or greater.


Widgets for Google Reviews – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor or higher authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4470
Number of Installations: 100,000+
Affected Software: Widgets for Google Reviews < 9.8
Patched Versions: Widgets for Google Reviews 9.8

Some shortcode attributes are not properly validated and escaped prior to outputting back into a page, potentially allowing a Contributor or other high level authenticated user to perform stored cross site scripting attacks on affected websites.

Mitigation steps: Update to Widgets for Google Reviews plugin version 9.8 or greater.


Strong Testimonials – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor or higher authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4717
Number of Installations: 100,000+
Affected Software: Strong Testimonials < 3.0.3
Patched Versions: Strong Testimonials 3.0.3

Some shortcode attributes are not properly validated and escaped prior to outputting back into a page, potentially allowing a Contributor or other high level authenticated user to perform stored cross site scripting attacks on affected websites.

Mitigation steps: Update to Strong Testimonials plugin version 3.0.3 or greater.


Simple Sitemap – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4472
Number of Installations: 90,000+
Affected Software: Simple Sitemap < 3.5.8
Patched Versions: Simple Sitemap 3.5.8

Some shortcode attributes are not properly validated and escaped prior to outputting back into a page, potentially allowing a Contributor or other high level authenticated user to perform stored cross site scripting attacks on affected websites.

Mitigation steps: Update to Simple Sitemap plugin version 3.5.8 or greater.


Contextual Related Posts – Stored Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor or higher authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2023-0252
Number of Installations: 70,000+
Affected Software: Contextual Related Posts < 3.3.1
Patched Versions: Contextual Related Posts 3.3.1

User supplied attributes are not sufficiently sanitized or escaped, potentially allowing Contributors and other high level authenticated users to perform stored cross site scripting attacks.

Mitigation steps: Update to Contextual Related Posts plugin version 3.3.1 or greater.


Stream – Broken Access Control

Security Risk: Medium
Exploitation Level: Requires Subscriber or higher authentication.
Vulnerability: Broken Access Control
CVE: CVE-2022-4384
Number of Installations: 70,000+
Affected Software: Stream < 3.9.2
Patched Versions: Stream 3.9.2

Low privilege users (such as Subscribers) are allowed to access and utilize the alert creation functionality, potentially leaking sensitive information from affected websites.

Mitigation steps: Update to Stream plugin version 3.9.2 or greater.
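The Stream entry is a missing authorization check rather than an input-handling bug: a handler that should be administrator-only is reachable by any logged-in user. The added example below (not Stream's code) shows a hypothetical "create alert" endpoint registered as an admin-ajax action, first without a capability check and then with one, plus the same gate expressed as a REST `permission_callback`. It assumes a WordPress runtime; the action names, route, nonce action and stored option are assumptions.

```php
<?php
// Added example, not Stream's code. Assumes a WordPress runtime. Action
// names, the REST route, the nonce action and the option name are
// hypothetical.

// Broken: wp_ajax_* hooks only require *some* authenticated session. A
// Subscriber reaches this handler exactly as an administrator does, and the
// response hands back every existing alert as well.
add_action( 'wp_ajax_hypothetical_create_alert', 'hypothetical_create_alert_ajax_broken' );
function hypothetical_create_alert_ajax_broken() {
    $alerts   = (array) get_option( 'hypothetical_alerts', array() );
    $alerts[] = array( 'name' => sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) ) );
    update_option( 'hypothetical_alerts', $alerts );
    wp_send_json_success( $alerts );
}

// Fixed: authorization (capability) and request integrity (nonce) are both
// checked before any state is read or written, and the response contains
// only what the caller created.
add_action( 'wp_ajax_hypothetical_create_alert_v2', 'hypothetical_create_alert_ajax_fixed' );
function hypothetical_create_alert_ajax_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'hypothetical_create_alert', 'nonce' );

    $name = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    if ( '' === $name ) {
        wp_send_json_error( 'name required', 400 );
    }
    $alerts   = (array) get_option( 'hypothetical_alerts', array() );
    $alerts[] = array( 'name' => $name, 'author' => get_current_user_id() );
    update_option( 'hypothetical_alerts', $alerts );
    wp_send_json_success( array( 'name' => $name ) );
}

// REST variant: the same gate as permission_callback. Omitting it, or
// passing '__return_true', is the REST equivalent of the broken handler.
add_action( 'rest_api_init', function () {
    register_rest_route( 'hypothetical/v1', '/alerts', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'name' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            $alerts   = (array) get_option( 'hypothetical_alerts', array() );
            $alerts[] = array( 'name' => $request['name'], 'author' => get_current_user_id() );
            update_option( 'hypothetical_alerts', $alerts );
            return rest_ensure_response( array( 'name' => $request['name'] ) );
        },
    ) );
} );
```

A useful review habit for this class of bug: for every `wp_ajax_*`, `admin_post_*` or REST callback, locate the `current_user_can()` (or `permission_callback`) before reading further. If it is absent, the function's effective audience is "anyone with an account", which on a site with open registration means anyone. Note that `wp_send_json_error()` terminates the request, so the capability failure above never falls through to the nonce check or the write.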


Customer Reviews for WooCommerce – Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires Contributor or higher authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2023-0079
Number of Installations: 50,000+
Affected Software: Customer Reviews for WooCommerce < 5.17.0
Patched Versions: Customer Reviews for WooCommerce 5.17.0

Some shortcode attributes are not properly validated and escaped prior to outputting back into a page, potentially allowing a Contributor or other high level authenticated user to perform stored cross site scripting attacks on affected websites.

Mitigation steps: Update to Customer Reviews for WooCommerce plugin version 5.17.0 or greater.


Themify Portfolio Post – Stored Cross Site Scripting

Security Risk: Medium
Exploitation Level: Contributor
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2023-0362
Number of Installations: 50,000+
Affected Software: Themify Portfolio Post < 1.2.2
Patched Versions: Themify Portfolio Post 1.2.2

Some shortcode attributes are not properly validated and escaped prior to outputting back into a page, potentially allowing a Contributor or other high level authenticated user to perform stored cross site scripting attacks on affected websites.

Mitigation steps: Update to Themify Portfolio Post plugin version 1.2.2 or greater.


Spotlight Social Media Feeds – Stored Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Contributor
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2023-0379
Number of Installations: 50,000+
Affected Software: Spotlight Social Media Feeds < 1.4.3
Patched Versions: Spotlight Social Media Feeds 1.4.3

Some block options are not properly validated or escaped prior to being outputted back into a page or post where the block is embedded, potentially allowing Contributors or higher authenticated users to perform stored cross site scripting attacks.

Mitigation steps: Update to Spotlight Social Media Feeds plugin version 1.4.3 or greater.


RSS Aggregator by Feedzy – Stored Cross Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Contributor
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2022-4667
Number of Installations: 50,000+
Affected Software: RSS Aggregator by Feedzy < 4.1.1
Patched Versions: RSS Aggregator by Feedzy 4.1.1

Some block options are not properly validated or escaped prior to being outputted back into a page where the block is embedded, potentially allowing Contributors or higher authenticated users to perform stored cross site scripting attacks.

Mitigation steps: Update to RSS Aggregator by Feedzy plugin version 4.1.1 or greater.
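Most entries in this roundup (ExactMetrics, Spectra, Better Font Awesome, Strong Testimonials, WP Show Posts, Widgets for Google Reviews, Simple Sitemap, Contextual Related Posts, Customer Reviews for WooCommerce, Themify Portfolio Post, Spotlight Social Media Feeds and RSS Aggregator by Feedzy) share one mechanism: a shortcode attribute or block option is written into HTML without context-appropriate escaping. The added example below (not code from any of those plugins) shows a hypothetical shortcode and block render callback in the unescaped form and in the escaped form, and ends with the reflected variant from the Royal Elementor entry, where the unescaped value is a request parameter rather than saved content. It assumes a WordPress runtime; the shortcode, attribute, block and function names are assumptions.

```php
<?php
// Added example, not code from any plugin in this roundup. Assumes a
// WordPress runtime. Shortcode, attribute, block and function names are
// hypothetical.

// Vulnerable: attributes are interpolated into HTML verbatim. Contributors
// cannot save raw <script> markup (they lack unfiltered_html), but shortcode
// attributes are stored as plain text, so the attribute value is rendered as
// the Contributor's HTML for every visitor.
function hypothetical_card_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'url' => '', 'color' => '#000' ), $atts, 'hypo_card' );
    return "<div class=\"card\" style=\"color:{$atts['color']}\"><a href=\"{$atts['url']}\">{$atts['title']}</a></div>";
}

// Fixed: each attribute is escaped for the exact context it lands in.
function hypothetical_card_shortcode_safe( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'url' => '', 'color' => '#000' ), $atts, 'hypo_card' );

    // Text node: esc_html().
    $title = esc_html( $atts['title'] );
    // href attribute: esc_url() also rejects schemes outside the allowed
    // list, so a javascript: value is dropped rather than merely escaped.
    $url = esc_url( $atts['url'] );
    // CSS value: validate the shape instead of escaping. Inside style="" an
    // arbitrary string can otherwise be used to break out of the attribute.
    $color = preg_match( '/^#[0-9a-fA-F]{3,6}$/', $atts['color'] ) ? $atts['color'] : '#000';

    return sprintf(
        '<div class="card" style="color:%s"><a href="%s">%s</a></div>',
        esc_attr( $color ),
        $url,
        $title
    );
}
add_shortcode( 'hypo_card', 'hypothetical_card_shortcode_safe' );

// Block equivalent: attributes arrive as a PHP array decoded from the saved
// block JSON and need the same treatment inside render_callback.
function hypothetical_block_render( array $attributes ) {
    $heading = isset( $attributes['heading'] ) ? $attributes['heading'] : '';
    $body    = isset( $attributes['body'] ) ? $attributes['body'] : '';
    // Rich text that should keep safe markup: wp_kses_post() strips anything
    // outside the post-content allow-list (no <script>, no on* handlers).
    return '<h3>' . esc_html( $heading ) . '</h3>' . wp_kses_post( $body );
}
register_block_type( 'hypothetical/card', array(
    'render_callback' => 'hypothetical_block_render',
) );

// Reflected variant (Royal Elementor entry): a request parameter echoed back
// into the page is escaped at output exactly like stored content; sanitizing
// on read is a second layer, not a replacement for escaping.
function hypothetical_render_search_label() {
    $term = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    return '<p>Results for: ' . esc_html( $term ) . '</p>';
}
```

The rule the fixed version follows is "escape late, by context": `esc_html()` for text nodes, `esc_attr()` for attribute values, `esc_url()` for `href`/`src`, `wp_kses_post()` for rich text that must keep markup, and validation rather than escaping for values that land inside CSS or JavaScript, where no HTML escaping function is sufficient on its own.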

Update your website software to mitigate risk. Users who are not able to update their software with the latest version are encouraged to use a web application firewall to help virtually patch known vulnerabilities and protect their website.

Article source: https://blog.sucuri.net/2023/01/wordpress-vulnerability-patch-roundup-january-2023.html