TR-21-0251 (WordPress Plugin Vulnerability)

General Information

XSS, SQL Injection and Privilege Escalation vulnerabilities have been identified in some WordPress plugins.

Impact

Because of these vulnerabilities, cyber attackers may be able to carry out attacks. The CVE identifiers of the vulnerabilities are as follows:

CVE-2021-24147, CVE-2021-24124, CVE-2021-24123, CVE-2021-24125, CVE-2021-24126, CVE-2021-24127, CVE-2021-24128, CVE-2021-24129, CVE-2021-24130, CVE-2021-24131, CVE-2021-24132, CVE-2021-24133, CVE-2021-24134, CVE-2021-24135, CVE-2021-24136, CVE-2021-24137, CVE-2021-24138, CVE-2021-24139, CVE-2021-24140, CVE-2021-24142, CVE-2021-24145, CVE-2021-24146, CVE-2021-24148 and CVE-2021-24149

Solution

The National Cyber Incident Response Center (USOM) recommends that users and system administrators review the security advisories published by WordPress and upgrade their WordPress versions.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24124

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24123

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24125

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24126

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24127

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24128

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24129

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24130

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24131

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24132

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24147

2021-03-19