TR-21-0478 (WordPress Plugin Vulnerability)

General Information

SQL Injection, XSS and Privilege Escalation vulnerabilities have been identified in some WordPress plugins.

Impact

Because of these vulnerabilities, it is possible for cyber attackers to carry out attacks. The CVE identifiers are as follows.

CVE-2021-24341, CVE-2021-24345, CVE-2021-24346, CVE-2021-24347, CVE-2021-24348, CVE-2021-24349, CVE-2021-24350, CVE-2021-24351, CVE-2021-24352, CVE-2021-24353, CVE-2021-24354, CVE-2021-24355, CVE-2021-24356, CVE-2021-24357, CVE-2021-24358, CVE-2021-24359, CVE-2021-24360 and CVE-2021-24382

Solution

The National Cyber Incident Response Center (USOM) recommends that users and system administrators review the security advisories published by WordPress and upgrade their WordPress versions.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24341

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24345

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24346

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24347

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24348

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24349

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24350

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24351

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24352

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24353

2021-06-15