{"id":22155,"date":"2020-01-21T21:31:36","date_gmt":"2020-01-21T20:31:36","guid":{"rendered":"https:\/\/savinol.sg-host.com\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/"},"modified":"2020-01-21T21:31:36","modified_gmt":"2020-01-21T20:31:36","slug":"wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin","status":"publish","type":"post","link":"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/","title":{"rendered":"WordPress: 3 critical vulnerabilities in 3 different plugins"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>The cybersecurity teams at WebArx, a <em>Web Application Security Platform<\/em>, and at Wordfence, a security add-on for <strong>WordPress<\/strong>, recently published reports highlighting serious flaws in three very popular plugins for the well-known CMS: <strong>InfiniteWP Client<\/strong>, <strong>WP Time Capsule<\/strong> and <strong>WP Database Reset<\/strong>.<span id=\"more-393382\"\/><\/p>\n<p>It is estimated that these add-ons are actively used by more than 400 thousand websites. Fortunately, corrective updates containing the respective bug fixes are already available. <\/p>\n<h2>The vulnerabilities in detail<\/h2>\n<p>InfiniteWP was affected by a logic <a href=\"https:\/\/www.wordfence.com\/blog\/2020\/01\/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">flaw<\/a> that would have allowed access to an administrator\u2019s account without knowing its authentication password. 
<\/p>\n<p>An attacker who knew the account\u2019s username could, for example, have used a simple POST request payload encoded in JSON (<em>JavaScript Object Notation<\/em>) or Base64 to obtain the login credentials of the website\u2019s administrator.<\/p>\n<p>The flaw in WP Time Capsule instead concerned a problem in a function line. The bug could be exploited by adding a raw POST request that would have allowed the function to access data with the full privileges of an administrator.<\/p>\n<p>Finally, the <a href=\"https:\/\/www.wordfence.com\/blog\/2020\/01\/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">bug<\/a> found in the WP Database Reset extension could be used to reset the tables in the WordPress database even without the authorization of the administrator user.<\/p>\n<p>Users who rely on these plugins for their WordPress-based projects should therefore apply the corrective updates as soon as possible to avoid unauthorized access or data theft.<\/p>\n<p>Via <a href=\"https:\/\/www.webarxsecurity.com\/vulnerability-infinitewp-client-wp-time-capsule\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">WebArx<\/a><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"http:\/\/feedproxy.google.com\/~r\/htmlitedit\/~3\/Ab4VIMYn6eM\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cybersecurity teams at WebArx, a Web Application Security Platform, and at Wordfence, a security add-on for WordPress, recently published reports highlighting serious flaws in three very popular plugins for the well-known CMS: InfiniteWP Client, WP Time Capsule and WP Database Reset. 
It is estimated that these add-ons are actively used by&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_s2mail":""},"categories":[37],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.13 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress: 3 critical vulnerabilities in 3 different plugins - AGENZIA WEB Italia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress: 3 critical vulnerabilities in 3 different plugins - AGENZIA WEB Italia\" \/>\n<meta property=\"og:description\" content=\"The cybersecurity teams at WebArx, a Web Application Security Platform, and at Wordfence, a security add-on for WordPress, recently published reports highlighting serious flaws in three very popular plugins for the well-known CMS: InfiniteWP Client, WP Time Capsule and WP Database Reset. 
It is estimated that these add-ons are actively used by...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\" \/>\n<meta property=\"og:site_name\" content=\"AGENZIA WEB Italia\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-21T20:31:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#\/schema\/person\/c0748e23499fac2fd73b79d1379fdf42\"},\"headline\":\"WordPress: 3 critical vulnerabilities in 3 different plugins\",\"datePublished\":\"2020-01-21T20:31:36+00:00\",\"dateModified\":\"2020-01-21T20:31:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\"},\"wordCount\":264,\"publisher\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#organization\"},\"articleSection\":[\"News\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\",\"url\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\",\"name\":\"WordPress: 3 critical vulnerabilities in 3 different plugins - AGENZIA WEB Italia\",\"isPartOf\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#website\"},\"datePublished\":\"2020-01-21T20:31:36+00:00\",\"dateModified\":\"2020-01-21T20:31:36+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wordpress-3-vulnerabilita-critiche-in-3-diversi-plugin\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress: 3 critical vulnerabilities in 3 different plugins\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#website\",\"url\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/\",\"name\":\"AGENZIA WEB Italia\",\"description\":\"Web design Web agency Italia\",\"publisher\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#organization\",\"name\":\"Multimedia 
Web\",\"url\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wp-content\/uploads\/2016\/05\/multimediaweb1.png\",\"contentUrl\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/wp-content\/uploads\/2016\/05\/multimediaweb1.png\",\"width\":200,\"height\":57,\"caption\":\"Multimedia Web\"},\"image\":{\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#\/schema\/person\/c0748e23499fac2fd73b79d1379fdf42\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.nycwebdesign.eu\/webdesign\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/991cd68bbfd6f946517378a63fc3a1f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/991cd68bbfd6f946517378a63fc3a1f7?s=96&d=mm&r=g\",\"caption\":\"admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}