TR-21-0288 (WordPress Plugin Vulnerability)

General Information

XSS, SQL Injection and SSRF vulnerabilities have been identified in some WordPress plugins.

Impact

Because of the existing vulnerabilities, it is possible for cyber attackers to carry out attacks. The CVE identifiers are as follows:

CVE-2021-24202, CVE-2021-24150, CVE-2021-24168, CVE-2021-24169, CVE-2021-24173, CVE-2021-24180, CVE-2021-24181, CVE-2021-24196, CVE-2021-24201, CVE-2021-24205, CVE-2021-24206, CVE-2021-24207, CVE-2021-24208, CVE-2021-24209, CVE-2021-24210, CVE-2021-24211 and CVE-2021-24212

Solution

The National Cyber Incident Response Center (USOM) recommends that users and system administrators review the security advisories published by WordPress and upgrade their WordPress versions.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24150

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24168

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24169

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24173

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24180

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24181

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24196

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24201

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24202

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24205

2021-04-06