Every 2 days a new way to hack WordPress appears

Since the beginning of 2017, attackers have released 156 ready-made programs for hacking WordPress sites. Once every two days your site becomes vulnerable, and if this is not fixed in time, the hosting provider will take the infected site offline.

To avoid this, it is better to choose hosting with protection against hacking.

List of vulnerabilities with a brief description:

  1. 22.11.2017          WordPress Emag Marketplace Connector 1.0 Cross Site Scripting
  2. 22.11.2017          WordPress Advanced Post Type Ratings 1.1 Cross Site Scripting
  3. 22.11.2017          WordPress In Link 1.0 SQL Injection
  4. 22.11.2017          WordPress Breezing Forms 1.2.7.42 Cross Site Scripting
  5. 15.11.2017          WordPress Affiliate Ads For Clickbank Products 1.3 XSS
  6. 15.11.2017          WordPress AMP Toolbox 1.9.4 Cross Site Scripting
  7. 15.11.2017          WordPress DFD Reddcoin Tips 1.1.1 Cross Site Scripting
  8. 14.11.2017          WordPress Boozang 1.0.0 Cross Site Scripting
  9. 14.11.2017          WordPress Cartogiraffe Map 1.0 Cross Site Scripting
  10. 14.11.2017          WordPress Appointments 2.2.2.2 Cross Site Scripting
  11. 13.11.2017          WordPress <= 4.8.2 SQL Injection POC
  12. 10.11.2017          WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting
  13. 09.11.2017          WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting
  14. 07.11.2017          WordPress Duplicator Migration 1.2.28 Cross Site Scripting
  15. 06.11.2017          WordPress Plugin Userpro < 4.9.17.1 Authentication Bypass
  16. 05.11.2017          WordPress Plugins ImageManager- Arbitrary File Upload
  17. 04.11.2017          WordPress Plugin JTRT Responsive Tables 4.1 SQL Injection
  18. 01.11.2017          WordPress User Login History 1.5.2 Cross Site Scripting
  19. 01.11.2017          WordPress SmoothGallery for NextGen Gallery XSS
  20. 01.11.2017          WPBounce WordPress plugin Open Redirect
  21. 20.10.2017          WordPress Car Park Booking SQL Injection
  22. 17.10.2017          WordPress Influencer Marketing And Press Release System 2.2 XSS
  23. 13.10.2017          WordPress Pootle Button 1.1.1 Cross Site Scripting
  24. 12.10.2017          WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting
  25. 12.10.2017          WordPress PopCash.Net Publisher Code Integration 1.0 Cross Site Scripting
  26. 11.10.2017          WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
  27. 11.10.2017          WordPress Simple Login Log 1.1.1 SQL Injection
  28. 11.10.2017          WordPress Ad Widget 2.10.0 Local File Inclusion
  29. 08.10.2017          WordPress 4.8.2 Activation Key Failed Expiry
  30. 08.10.2017          Gallery by BestWebSoft wordpress / FILE UPLOAD
  31. 07.10.2017          WordPress does not hash wp_signups.activation_key SQL injection to create accounts
  32. 05.10.2017          WordPress Smush Image 2.7.4.1 Directory Traversal
  33. 28.09.2017          WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting
  34. 23.09.2017          WordPress Responsive Image Gallery 1.1.8 SQL Injection
  35. 21.09.2017          WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting
  36. 09.09.2017          WordPress SB Uploader 4.9 Arbitrary File Upload Vulnerability
  37. 09.09.2017          WordPress Training Membership 1.0.8 Cross Site Scripting
  38. 08.09.2017          Stanford University Longevity WordPress Website BruteForce Attack
  39. 07.09.2017          WordPress cool-flickr-slideshow Plugin Cross Site Scripting XSS
  40. 07.09.2017          WordPress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
  41. 05.09.2017          WordPress Plugin Participants Database < 1.7.5.10 Cross-Site Scripting
  42. 25.08.2017          WordPress Plugins woocommerce-product-options — Arbitrary File Upload
  43. 19.08.2017          WordPress MoneyTheme Themes XSS / Arbitrary File Upload
  44. 18.08.2017          WordPress share-on-diaspora Plugin Cross Site Scripting XSS
  45. 13.08.2017          WordPress FAdvertisement Plugin Sql Injection Vulnerability
  46. 11.08.2017          WordPress Easy Modal 2.0.17 SQL Injection
  47. 11.08.2017          WordPress PressForward 4.3.0 Cross Site Scripting
  48. 11.08.2017          WordPress Podlove Podcast Publisher 2.5.3 SQL Injection
  49. 08.08.2017          WordPress Plugin Easy Modal 2.0.17 SQL Injection
  50. 06.08.2017          WordPress GamePlan Event And Gym Fitness Theme 1.5.13.2 Cross Site Scripting
  51. 01.08.2017          WordPress Logosware Suite Uploader 1.1.6 File Upload
  52. 31.07.2017          WordPress Plugin Logosware Suite Uploader 1.1.6 Remote File Upload
  53. 26.07.2017          WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
  54. 26.07.2017          WordPress FormCraft Form Builder 3.2.31 Cross Site Scripting
  55. 21.07.2017          WordPress Task Manager Pro 1.31 Cross Site Scripting
  56. 11.07.2017          WordPress Plugin How-Interest Cross-Site Scripting
  57. 28.06.2017          WordPress Plugin Ultimate Product Catalogue 4.2.2 SQL Injection
  58. 26.06.2017          WordPress FormCraft Basic 1.0.5 SQL Injection
  59. 21.06.2017          WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting
  60. 21.06.2017          WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal
  61. 13.06.2017          WordPress Plugins WP Checkout — Arbitrary File Upload
  62. 13.06.2017          WordPress Plugins Viral Optins — Arbitrary File Upload
  63. 13.06.2017          WordPress Themes Awake — Cross-Site Scripting
  64. 08.06.2017          WordPress Plugins console contact form — Arbitrary File Upload
  65. 04.06.2017          WordPress Plugins WP Job Manager Locations — Arbitrary File Upload
  66. 03.06.2017          WordPress No External Links 3.5.17 Cross Site Scripting
  67. 03.06.2017          WordPress Tribulant Newsletters 4.6.4.2 XSS / File Disclosure
  68. 02.06.2017          WordPress Plugins WP Job Manager — Arbitrary File Upload
  69. 01.06.2017          WordPress Themes U-design File Upload
  70. 31.05.2017          WordPress Simple Slideshow Manager 2.2 Cross Site Scripting
  71. 29.05.2017          WordPress Themes Purevision — Arbitrary File Upload
  72. 28.05.2017          WordPress AffiliateWP 2.0.8 Cross Site Scripting
  73. 28.05.2017          WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
  74. 28.05.2017          WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
  75. 28.05.2017          WordPress All In One Schema.org Rich Snippets 1.4.1 XSS
  76. 25.05.2017          WordPress plugins dopts upload File Vulnerability
  77. 24.05.2017          WordPress Newsletter Supsystic 1.1.7 Cross Site Scripting
  78. 23.05.2017          WordPress rehber Themes File Upload Vulnerability
  79. 22.05.2017          WordPress plugins wp-mailinglist upload File Vulnerability CSRF
  80. 18.05.2017          WordPress Revslider Exploit and Mass Shell Upload
  81. 17.05.2017          WordPress EELV Newsletter 4.5 XSS / CSRF
  82. 17.05.2017          WordPress PHPMailer Host Header Command Injection
  83. 14.05.2017          WordPress plugins wpdm-filemanager upload File Vulnerability
  84. 10.05.2017          WordPress Clean Login Cross Site Request Forgery
  85. 10.05.2017          WordPress Plugin Organizer File 6.x Upload Vulnerability
  86. 05.05.2017          WordPress Plugins Art Picture Shop File Upload Vulnerability
  87. 05.05.2017          WordPress Core 4.6 Unauthenticated Remote Code Execution Full Advisory
  88. 04.05.2017          WordPress Theme Sehf File Upload Vulnerability CSRF
  89. 03.05.2017          WordPress Theme Ebs File Upload Vulnerability CSRF
  90. 03.05.2017          WordPress 4.6 Unauthenticated Remote Code Execution RCE PoC Exploit
  91. 27.04.2017          WordPress Wow Forms 2.1 SQL Injection
  92. 27.04.2017          WordPress Wow Viral Signups 2.1 SQL Injection
  93. 27.04.2017          WordPress Car Rental System 2.5 SQL Injection
  94. 23.04.2017          WordPress flash album gallery Plugins SQL Vulnerability.
  95. 22.04.2017          WordPress newsletter Plugins SQL Vulnerability.
  96. 21.04.2017          WordPress Connection Information Cross Site Request Forgery
  97. 19.04.2017          WordPress theme ‘boldial’ — Full Path Disclosure
  98. 13.04.2017          WordPress pdfjs-viewer-shortcode Plugins Xss / Code Execution Vulnerability
  99. 10.04.2017          WordPress webplayer Plugins SQL Injection Vulnerability
  100. 09.04.2017          WordPress salient Themes SQL Injection Vulnerability
  101. 08.04.2017          WordPress Gravity Forms Plugin Exploit and File Upload
  102. 05.04.2017          WordPress dreamwork_manage File Upload Vulnerability
  103. 31.03.2017          WordPress wp-dreamworkgallery File Upload Vulnerability
  104. 29.03.2017          WordPress plugins team-admin upload File Vulnerability
  105. 28.03.2017          WordPress Themes betheme Sh3ll Upload Vulnerability CSRF
  106. 27.03.2017          WordPress Themes Multimedia1 Shell Upload Vulnerability CSRF
  107. 21.03.2017          WordPress Multiple Plugin File Upload
  108. 20.03.2017          WordPress plugin Sports Rankings and Lists directory
  109. 17.03.2017          WordPress Membership Simplified 1.58 Arbitrary File Download
  110. 16.03.2017          WordPress Plugin Membership Simplified v1.58 — Arbitrary File Download
  111. 15.03.2017          WordPress Themes Nunace Shell Upload Vulnerability CSRF
  112. 14.03.2017          WordPress Print Money v4.91 Plugin Persistent Cross Site Scripting
  113. 13.03.2017          WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write
  114. 13.03.2017          WordPress plugin Flash Rotator Gallery SQL injection
  115. 11.03.2017          WordPress Themes Synoptic Shell Upload Vulnerability CSRF
  116. 10.03.2017          WordPress PICA Photo Gallery 1.0 SQL Injection
  117. 09.03.2017          Unlock WordPress Admin Login Disable Protection
  118. 09.03.2017          WordPress Themes Qualifire File Upload Vulnerability CSRF
  119. 07.03.2017          WordPress 4.5.3 Audio Playlist Cross Site Scripting
  120. 07.03.2017          WordPress 4.5.3 Press This Function CSRF / Denial Of Service
  121. 06.03.2017          WordPress Multiple Plugins — Remote File Upload
  122. 05.03.2017          WordPress VaultPress 1.8.4 Remote Code Execution / Man-In-The-Middle
  123. 03.03.2017          WordPress Global Content Blocks 2.1.5 Cross Site Request Forgery
  124. 03.03.2017          WordPress Magic Fields 1 1.7.1 Cross Site Scripting
  125. 03.03.2017          WordPress Popup By Supsystic 1.7.6 Cross Site Request Forgery
  126. 03.03.2017          WordPress Download Manager 2.8.99 Cross Site Request Forgery
  127. 03.03.2017          WordPress Gwolle Guestbook 1.7.4 Cross Site Request Forgery
  128. 03.03.2017          WordPress Tribulant Slideshow Galleries 1.6.3 Cross Site Scripting
  129. 03.03.2017          WordPress Contact Form Manager CSRF / XSS
  130. 03.03.2017          WordPress Alpine PhotoTile For Instagram 1.2.7.7 XSS
  131. 03.03.2017          WordPress Atahualpa Theme Cross Site Request Forgery
  132. 03.03.2017          WordPress File Manager 3.0.1 Cross Site Request Forgery
  133. 03.03.2017          WordPress User Login Log 2.2.1 Cross Site Scripting
  134. 03.03.2017          WordPress Google Analytics Dashboard 2.1.1 Cross Site Scripting
  135. 03.03.2017          WordPress Atahualpa Theme Cross Site Scripting
  136. 03.03.2017          WordPress Contact Form 4.0.0 Cross Site Scripting
  137. 03.03.2017          WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection
  138. 03.03.2017          WordPress NewStatPress 1.2.4 Cross Site Scripting
  139. 03.03.2017          WordPress Gwolle Guestbook 1.7.4 Cross Site Scripting
  140. 28.02.2017          WordPress Kama Click Counter 3.4.9 SQL Injection
  141. 25.02.2017          MyMag wordpress theme Unrestricted File Upload
  142. 24.02.2017          WordPress Mail Masta 1.0 SQL Injection
  143. 17.02.2017          WordPress Plugin Corner Ad 1.0.7 — Cross-Site Scripting
  144. 15.02.2017          WordPress Easy Table 1.6 Cross Site Scripting
  145. 13.02.2017          WordPress 4.7 / 4.7.1 Content Injection Gui Exploit
  146. 13.02.2017          WordPress Themes dance studio 1.0.0 — Arbitrary Shell Upload vulnerability
  147. 12.02.2017          WordPress 4.7.0/4.7.1 Plugin Insert PHP — PHP Code Injection
  148. 02.02.2017          WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation
  149. 30.01.2017          WordPress FormBuilder 1.05 Cross Site Request Forgery
  150. 27.01.2017          WordPress InfiniteWP Client 1.5.1.3 / 1.6.0 PHP Object Injection
  151. 26.01.2017          CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability
  152. 26.01.2017          Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability
  153. 26.01.2017          WordPress >=4.7 User Enumeration Exploit
  154. 18.01.2017          WordPress WooCommerce Direct Download Local File Inclusion
  155. 14.01.2017          WordPress cmw-speakers Plugin SQL injection Vulnerability
  156. 11.01.2017          WordPress WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation