🥇Backdoor i roto i te 93 AccessPress monomai me nga kaupapa i whakamahia i runga i te 360 mano nga waahi

I kaha nga kaiwhaiwhai ki te whakauru i tetahi backdoor ki roto i nga taputapu 40 me nga kaupapa 53 mo te punaha whakahaere ihirangi WordPress, i whakawhanakehia e AccessPress, e kii ana kei te whakamahia ana taapiri ki runga ake i te 360 mano nga waahi. Ko nga hua o te tātaritanga o te aitua kaore ano kia whakaratohia, engari e kiia ana i whakauruhia te waehere kino i te wa o te whakararu o te paetukutuku AccessPress, ka whakarereke i nga purongo kua tukuna mo te tango me nga putanga kua tukuna, na te mea kei te taha o muri. kei roto anake i te waehere kua tohatohahia ma te paetukutuku mana o AccessPress, engari kei te ngaro i roto i era ko nga whakaputanga o nga taapiri kua tohatohahia ma te raarangi WordPress.org.

Ko nga huringa kino i kitea e tetahi kairangahau i JetPack (he wehenga o te kaiwhakawhanake WordPress Aunoa) i te tirotiro i nga waehere kino i kitea i runga i te paetukutuku a te kiritaki. Ko te tātaritanga o te ahuatanga i whakaatu ko nga huringa kino kei roto i te taapiri WordPress i tangohia mai i te paetukutuku mana AccessPress. Ko etahi atu taapiri mai i te kaihanga kotahi i tukuna ano ki nga whakarereketanga kino e taea ai te uru katoa ki te waahi me nga mana kaiwhakahaere.

I te wa o te whakarereketanga, ka taapirihia e nga kaiwhaiwhai te konae "initial.php" ki nga purongo me nga taapiri me nga kaupapa, i honoa ma te "whakauru" i roto i te konae "functions.php". Hei whakapoauau i te huarahi, ko nga ihirangi kino i roto i te konae "initial.php" i hunahia hei poraka raraunga kua whakawaeheretia base64. Ko te whakauru kino, i raro i te ahua o te whiwhi whakaahua mai i te paetukutuku wp-theme-connect.com, i utaina tika te waehere o muri ki te wp-includes/vars.php file.

Ko nga waahi tuatahi i uru ki nga huringa kino ki nga taapiri AccessPress i kitea i te Mahuru 2021. E whakapaetia ana i reira ka kuhuhia te tatau o muri ki roto i nga taapiri. Ko te whakamohiotanga tuatahi ki a AccessPress mo te raruraru kua tautuhia kaore i whakautuhia, a ka taea e AccessPress te aro noa i muri i te whakauru i te roopu WordPress.org ki te tirotiro. I te Oketopa 15, 2021, i tangohia nga purongo e pa ana ki te kuaha o muri mai i te paetukutuku AccessPress, a i tukuna nga putanga hou o nga taapiri i te Hanuere 17, 2022.

I tirotirohia e Sucuri nga waahi i whakauruhia ai nga putanga kua pa ki a AccessPress me te tautuhi i te ahua o nga waahanga kino i utaina mai i te kuaha o muri i tukuna he mokowhiti me te whakawhiti i nga whakawhitinga ki nga waahi tinihanga (ko nga waahanga ko te 2019 me te 2020). E kiia ana ko nga kaituhi o te tuara kei te hoko uru ki nga waahi kua taupatupatuhia.

Ko nga kaupapa kei roto te whakakapinga o muri:

accessbuddy 1.0.0
accesspress-taketake 3.2.1
accesspress-lite 2.92
accesspress-mag 2.6.5
accesspress-parallax 4.5
accesspress-ray 1.19.5
accesspress-pakiaka 2.5
accesspress-staple 1.9.1
accesspress-toa 2.4.9
umanga-lite 1.1.6
pai 1.0.6
bingle 1.0.4
blogger 1.2.6
hanga-lite 1.2.5
doko 1.0.27
whakamarama 1.3.5
toa toa 1.2.1
whakaahua 2.4.0
gaga-corp 1.0.8
gaga-lite 1.4.2
mokowā kotahi 2.2.8
parallax-blog 3.1.1574941215
whakarara 1.3.6
punte 1.1.2
hurihuri 1.3.1
ripple 1.2.0
panuku 2.1.0
sportsmag 1.2.1
storevilla 1.4.1
piu-lite 1.1.9
te-whakarewa 1.3.2
te-Mane 1.4.1
uncode-lite 1.3.1
unicon-lite 1.2.6
vmag 1.2.7
vmagazine-lite 1.3.5
vmagazine-news 1.0.5
zigcy-pepe 1.0.6
zigcy-cosmetics 1.0.5
zigcy-lite 2.0.9

Nga monomai i kitea he whakakapinga kuaha o muri:

accesspress-anonymous-post 2.8.0 2.8.1 1
accesspress-custom-css 2.0.1 2.0.2
accesspress-custom-post-type 1.0.8 1.0.9
accesspress-facebook-auto-post 2.1.3 2.1.4
accesspress-instagram-feed 4.0.3 4.0.4
accesspress-pinterest 3.3.3 3.3.4
accesspress-social-counter 1.9.1 1.9.2
accesspress-papori-ata 1.8.2 1.8.3
accesspress-social-login-lite 3.4.7 3.4.8
accesspress-social-share 4.5.5 4.5.6
accesspress-twitter-auto-post 1.4.5 1.4.6
accesspress-twitter-feed 1.6.7 1.6.8
Ak-tahua-tohu-lite 1.0.9
ap-hoa 1.0.7 2
ap-whakapā-puka 1.0.6 1.0.7
ap-ritenga-whakaatu 1.4.6 1.4.7
tahua-ap-mega 3.0.5 3.0.6
ap-price-tables-lite 1.1.2 1.1.3
apex-notification-bar-lite 2.0.4 2.0.5
cf7-toa-ki-db-lite 1.0.9 1.1.0
korero-whakakore-whakauru 1.0.7 1.0.8
ngawari-taha-ripa-cta 1.0.7 1.0.8
everest-admin-theme-lite 1.0.7 1.0.8
everest-coming-soon-lite 1.1.0 1.1.1
everest-korero-whakatauranga-lite 2.0.4 2.0.5
everest-counter-lite 2.0.7 2.0.8
everest-faq-kaiwhakahaere-lite 1.0.8 1.0.9
everest-taiwhanga-lite 1.0.8 1.0.9
everest-google-places-reviews-lite 1.0.9 2.0.0
everest-review-lite 1.0.7
everest-tab-lite 2.0.3 2.0.4
everest-timeline-lite 1.1.1 1.1.2
waea-roto-ki-te-mahi-kaihanga-lite 1.1.0 1.1.1
product-slider-for-woocommerce-lite 1.1.5 1.1.6
smart-logo-showcase-lite 1.1.7 1.1.8
atamai-panuku-whakairinga 2.0.8 2.0.9
atamai-panuku-ki-runga-lite 1.0.3 1.0.4
tapeke-gdpr-tautuku-lite 1.0.4
tapeke-rōpū-lite 1.1.1 1.1.2
tino-kaituhi-pouaka-lite 1.1.2 1.1.3
tino-puka-kaihanga-lite 1.5.0 1.5.1
woo-badge-designer-lite 1.1.0 1.1.1
wp-1-slider 1.2.9 1.3.0
wp-blog-manager-lite 1.1.0 1.1.2
wp-korero-kaihoahoa-lite 2.0.3 2.0.4
wp-cookie-user-info 1.0.7 1.0.8
wp-facebook-review-showcase-lite 1.0.9
wp-fb-messenger-button-lite 2.0.7
wp-tahua-tere 1.4.4 1.4.5
wp-media-manager-lite 1.1.2 1.1.3
wp-popup-banners 1.2.3 1.2.4
wp-popup-lite 1.0.8
wp-product-gallery-lite 1.1.1

Source: opennet.ru

Backdoor i roto i te 93 AccessPress monomai me nga kaupapa i whakamahia i runga i te 360 ​​mano nga waahi

Tāpiri i te kōrero whakakore whakautu

Backdoor i roto i te 93 AccessPress monomai me nga kaupapa i whakamahia i runga i te 360 mano nga waahi