Home » WordPress AMP plugin vulnerability cuam tshuam txog 100,000 qhov chaw

WordPress AMP plugin vulnerability cuam tshuam txog 100,000 qhov chaw

Cov nplooj ntawv nrawm nrawm (AMP) WordPress WordPress AMP plugin plugin,

uas muaj ntau dua 100,000 kev teeb tsa,

kho qhov muaj qhov tsis zoo me ntsis uas tuaj yeem tso cai rau tus neeg tawm tsam

los txhaj cov ntawv tsis zoo, ua rau cov neeg tuaj xyuas lub vev xaib ua cov ntawv sau.

Hla-site scripting nres ntawm Shortcode

Hla-site scripting (XSS) yog ib qho ntawm qhov tsis zoo tshaj plaws.

Nyob rau hauv cov ntsiab lus ntawm WordPress AMP plugin WordPress plugins,

XSS vulnerabilities feem ntau tshwm sim thaum lub plugin inputs cov ntaub ntawv

nyob rau hauv ib co txoj kev uas tsis tag nrho validated los yog sanitized los ntawm cov neeg siv tswv yim.

Sanitization yog ib txoj hauv kev los thaiv cov khoom siv tsis xav tau

Piv txwv li, yog tias lub plugin tso cai lub teb chaws email list rau cov neeg siv ntxiv cov ntawv los ntawm qhov chaw nkag,

nws yuav tsum ua kom huv si lwm cov ntsiab lus tsis cuam tshuam nkag mus rau hauv daim ntawv no,

xws li cov ntawv sau lossis zip cov ntaub ntawv.

Shortcode yog qhov tshwj xeeb ntawm WordPress uas tso cai rau cov neeg siv ntxig cov cim npe

zoo ib yam li [piv txwv] rau hauv cov ntawv thiab nplooj ntawv.

Shortcode embeds functionality lossis cov ntsiab WordPress AMP plugin lus muab los ntawm plug-in,

tso cai rau cov neeg siv los teeb tsa lub plug-in los ntawm admin vaj huam

sib luag thiab tom qab ntawd luam tawm thiab muab cov shortcode

rau hauv kab lus lossis nplooj ntawv uas lawv xav kom lub plug-in functionality tshwm.

lub teb chaws email list

Qhov Cross-site scripting ntawm

Shortcode” qhov tsis zoo yog qhov tsis txaus ntseeg kev nyab xeeb uas tso cai rau tus neeg

tawm tsam los txhaj cov ntawv tsis zoo rau hauv lub vev xaib

los ntawm kev siv cov shortcode functionality ntawm plug-in.

Raws li tsab ntawv ceeb toom tsis ntev los no tau tshaj tawm los ntawm

Patchstack WordPress tuam txhab bing muab cov lus qhia tshiab rau cov webmasters cuam tshuam nrog ai xyaw kev ruaj ntseg:

“Qhov no tuaj yeem tso cai rau cov neeg ua phem WordPress AMP plugin rau txhaj cov ntawv tsis zoo xws li redirects,

tshaj tawm thiab lwm yam HTML rau hauv koj lub vev xaib uas yuav

raug tua thaum tus qhua tuaj xyuas koj lub xaib.”

Qhov tsis zoo no tau raug kho nyob rau hauv version 1.0.89.

Wordfence piav qhia txog qhov tsis zoo:

“Lub Accelerated Mobile Pages plugin rau WordPress nyob rau hauv tag nrho cov versions,

suav nrog version 1.0.88.1, raug kev txom nyem los ntawm kev khaws cia ntawm

qhov chaw sau ntawv tawm tsam ntawm plugin’s shortcode vim tsis txaus cov

ntaub ntawv siv tau thiab cov khoom tawm tr npe khiav tawm ntawm cov neeg siv khoom.

Wordfence kuj tau qhia meej tias qhov no yog qhov muaj txiaj ntsig zoo

uas siv tau los ua pov thawj, txhais tau tias tus neeg

nyiag nkas yuav xav tau tsawg kawg tus neeg koom tes tso cai rau kev siv nws.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *