WordPress安全

WordPress Simple Download Monitor plugin <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality vulnerability

WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability

WordPress Xagio SEO plugin <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files vulnerability

WordPress Ajax Search Lite plugin <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler vulnerability

WordPress Beaver Builder 插件（Lite 版本）插件 <= 2.9.2.1 - 反射型跨站脚本漏洞

WordPress ArcHub theme <= 1.2.12 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

WordPress 文件管理器、代码编辑器和 Managefy 插件备份 <= 1.4.8 - 认证用户 (管理员+) 的路径遍历到任意文件下载漏洞

WordPress StopBadBots plugin <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass vulnerability

WordPress WP ULike Pro plugin <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload vulnerability