Vulnerabilities in WordPress plugins with more than a million installations

Security researchers from Wordfence and WebARX have identified several vulnerabilities in five plugins for the WordPress web content management system, which together account for more than a million installations.

  • A vulnerability in the GDPR Cookie Consent plugin, which has more than 700 thousand installations. The issue is rated severity level 9 out of 10 (CVSS). The vulnerability allows an authenticated user with subscriber rights to delete or hide (change the status to an unpublished draft) any page of the site, as well as to substitute their own content on pages.
    The vulnerability is fixed in release 1.8.3.

  • A vulnerability in the ThemeGrill Demo Importer plugin, which has more than 200 thousand installations (real attacks on sites have been recorded; after they began and information about the vulnerability appeared, the number of installations had already dropped to 100 thousand). The vulnerability allows an unauthenticated visitor to wipe the contents of the site's database and reset the database to a fresh-install state. If there is a user named admin in the database, the vulnerability also allows gaining full control over the site. The vulnerability is caused by a failure to authenticate the user attempting to send privileged commands through the /wp-admin/admin-ajax.php script. The problem is fixed in version 1.6.2.
  • A vulnerability in the ThemeREX Addons plugin, used on 44 thousand sites. The issue is assigned a severity level of 9.8 out of 10. The vulnerability allows an unauthenticated user to execute their own PHP code on the server and replace the site administrator account by sending a special request through the REST API.
    Cases of exploitation of the vulnerability have already been recorded on the network, but an update with a fix is not yet available. Users are advised to remove this plugin as soon as possible.

  • A vulnerability in the wpCentral plugin, which has about sixty thousand installations. The issue was assigned a severity of 60 out of 8.8. The vulnerability allows any authenticated visitor, including those with subscriber rights, to escalate their privileges to site administrator or gain access to the wpCentral control panel. The problem is fixed in version 10.
  • A vulnerability in the ProfileBuilder plugin, with about sixty-five thousand installations. The issue is assigned a severity level of ten out of ten. The vulnerability allows an unauthenticated user to create an account with administrator rights (the plugin allows you to create registration forms, and a user can simply pass an additional field with the user role, assigning it the administrator level). The problem is fixed in version 65.
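
The ProfileBuilder item above describes a registration form that accepts a role field supplied by the client. The following added example (not Profile Builder's code and not from the original article; the function, constant and field names are hypothetical) shows the server-side check that prevents this class of bug: only fields defined on the form are kept, and the role is decided on the server.

```php
<?php
// Added example: filtering a self-registration submission on the server.
// All names (constants, function, field keys) are hypothetical.

const ASSIGNABLE_ROLES = ['subscriber']; // roles a self-registered user may receive
const DEFAULT_ROLE     = 'subscriber';

/**
 * Build the user record from a submission. Only fields the site owner put on
 * the form are copied; the role is never taken from the request as-is.
 */
function build_user_record(array $submitted, array $form_fields): array
{
    $record = [];
    foreach ($form_fields as $name) {
        if ($name === 'role') {
            continue; // handled separately below
        }
        if (isset($submitted[$name]) && is_string($submitted[$name])) {
            $record[$name] = trim($submitted[$name]);
        }
    }

    // Honour a requested role only if the form really has a role field
    // AND the value is on the allowlist; otherwise fall back to the default.
    $requested = $submitted['role'] ?? null;
    $allowed = in_array('role', $form_fields, true)
        && is_string($requested)
        && in_array($requested, ASSIGNABLE_ROLES, true);
    $record['role'] = $allowed ? $requested : DEFAULT_ROLE;

    return $record;
}

// Constructed sample input: the form defines three fields, but the request
// carries extra parameters that were never part of the form.
$form_fields = ['user_login', 'user_email', 'first_name'];
$request = [
    'user_login' => 'mallory',
    'user_email' => 'mallory@example.test',
    'first_name' => ' Mallory ',
    'role'       => 'administrator', // extra field, not on the form
    'is_admin'   => '1',             // extra field, not on the form
];

// The extra fields are dropped and the role falls back to DEFAULT_ROLE.
echo json_encode(build_user_record($request, $form_fields), JSON_PRETTY_PRINT), PHP_EOL;
```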

In addition, the discovery of a network distributing trojanized plugins and WordPress themes can be noted. The attackers placed pirated copies of paid plugins on fake directory sites, having first integrated a backdoor into them to gain remote access and download commands from a control server. Once activated, the malicious code was used to insert malicious or deceptive advertising (for example, warnings about the need to install an antivirus or update your browser), as well as for search engine optimization to promote the sites distributing the malicious plugins. According to preliminary data, more than twenty thousand sites were compromised using these plugins. Among the victims were a mining platform, a trading firm, a bank, several large companies, a developer of credit card payment solutions, IT companies, and others.

Source: opennet.ru
