{"id":2377,"date":"2015-04-20T18:07:04","date_gmt":"2015-04-20T18:07:04","guid":{"rendered":"http:\/\/musilda.cz\/?p=2377"},"modified":"2015-04-20T18:07:04","modified_gmt":"2015-04-20T18:07:04","slug":"xss-zranitelnost-ohrozujici-velke-mnozstvi-wordpress-pluginu","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/xss-zranitelnost-ohrozujici-velke-mnozstvi-wordpress-pluginu\/","title":{"rendered":"XSS vulnerability affecting a large number of WordPress plugins"},"content":{"rendered":"<p>The Sucuri blog today published a warning about a vulnerability that will affect literally millions of users worldwide. The output of the commonly used add_query_arg and remove_query_arg functions must be escaped before use, because the functions themselves do no escaping.<\/p>\n<p>Many developers, however, rely on the Codex, where this is not clearly stated. 
The problem was detected by the team behind the WordPress SEO by Yoast plugin, and that plugin already has a security update.<\/p>\n<p>List of plugins affected by the problem:<\/p>\n<ul>\n<li><a href=\"https:\/\/jetpack.me\/2015\/04\/20\/jetpack-3-4-3-coordinated-security-update\/\" target=\"_blank\" rel=\"noopener\">Jetpack<\/a><\/li>\n<li><a href=\"https:\/\/yoast.com\/coordinated-security-release\/\" target=\"_blank\" rel=\"noopener\">WordPress SEO<\/a><\/li>\n<li>Google Analytics by Yoast<\/li>\n<li>All In one SEO<\/li>\n<li>Gravity Forms<\/li>\n<li>Multiple plugins from\u00a0<a href=\"https:\/\/easydigitaldownloads.com\/?p=500387\" target=\"_blank\" rel=\"noopener\">Easy Digital Downloads<\/a><\/li>\n<li>UpdraftPlus<\/li>\n<li>WP-E-Commerce<\/li>\n<li>WPTouch<\/li>\n<li><a href=\"http:\/\/www.barrykooij.com\/several-security-updates-released\/\" target=\"_blank\" rel=\"noopener\">Download Monitor<\/a><\/li>\n<li><a href=\"http:\/\/www.barrykooij.com\/several-security-updates-released\/\" target=\"_blank\" rel=\"noopener\">Related Posts for WordPress<\/a><\/li>\n<li><a href=\"https:\/\/www.joedolson.com\/2015\/04\/important-security-fix-for-my-calendar\/\" target=\"_blank\" rel=\"noopener\">My Calendar<\/a><\/li>\n<li>P3 Profiler<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/give\" target=\"_blank\" rel=\"noopener\">Give<\/a><\/li>\n<li>A number of\u00a0<a href=\"https:\/\/ithemes.com\/2015\/04\/20\/coordinated-wordpress-plugin-security-update\" target=\"_blank\" rel=\"noopener\">iThemes<\/a>\u00a0products, including Builder and Exchange<\/li>\n<li>Broken-Link-Checker<\/li>\n<li>Ninja Forms<\/li>\n<\/ul>\n<p>It can be assumed, however, that the list is not complete and that updates will follow for other plugins as well.<\/p>\n<p>So do not hesitate to update your plugins. 
<a href=\"https:\/\/blog.sucuri.net\/2015\/04\/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html\" target=\"_blank\" rel=\"noopener\">Article source<\/a><\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"text-align: center\"><strong>Don't want to spend time checking for plugin updates and tracking security advisories? Order a regular check of your website.<\/strong><\/h2>\n<p><a href=\"http:\/\/toret.cz\/nase-sluzby\/sprava-wordpress-stranek\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2378\" src=\"http:\/\/musilda.cz\/wp-content\/uploads\/2015\/04\/banner-sprava.png\" alt=\"banner-sprava\" width=\"400\" height=\"200\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2015\/04\/banner-sprava.png 400w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2015\/04\/banner-sprava-300x150.png 300w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Sucuri blog today published a warning about a vulnerability that will affect literally millions of users worldwide. The output of the commonly used add_query_arg and remove_query_arg functions must be escaped before use, because the functions themselves do no escaping. Many developers, however, rely on the Codex, where this is not clearly stated. 
The problem was detected by the team around the plugin WordPress SEO by Yoast<\/p>\n","protected":false},"author":1,"featured_media":1775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[6],"tags":[],"class_list":["post-2377","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"thumbnail":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-150x150.jpg",150,150,true],"medium":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-300x192.jpg",300,192,true],"medium_large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"1536x1536":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"2048x2048":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"archive-list":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-400x265.jpg",400,265,true]},"uagb_author_info":{"display_name":"Affinite","author_link":"https:\/\/affinite.io\/cs\/author\/affinite\/"},"uagb_comment_info":0,"uagb_excerpt":"The Sucuri blog today published a warning about a vulnerability that will affect literally millions of users worldwide. 
The output of the commonly used add_query_arg and remove_query_arg functions must be escaped before use, because the functions themselves do no escaping. Many developers, however, rely on the Codex, where this is not clearly stated. The problem was detected by the team around the plugin WordPress SEO by Yoast","_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/2377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=2377"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/2377\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/1775"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=2377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=2377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=2377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}