{"id":9106,"date":"2024-04-22T06:39:22","date_gmt":"2024-04-22T06:39:22","guid":{"rendered":"https:\/\/musilda.cz\/?p=9106"},"modified":"2024-04-22T06:39:22","modified_gmt":"2024-04-22T06:39:22","slug":"zranitelnost-wordpress-pluginu-wpml","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/zranitelnost-wordpress-pluginu-wpml\/","title":{"rendered":"Vulnerability in the WordPress plugin WPML"},"content":{"rendered":"\n
WPML is one of the most popular and widely used plugins for building multilingual websites. Recently, however, an XSS vulnerability was found in WPML because of insufficiently secured output.<\/p>\n\n\n\n
WPML is a premium plugin that makes it easy to translate websites into multiple languages. Its major advantages include compatibility with various page builders (DIVI…) and plugins (translation of the custom fields of the ACF plugin…). In addition, the plugin has a positive effect on SEO, where we can, for example, set the correct URL for translated pages and meta descriptions for the translations.<\/p>\n\n\n\n
Unfortunately, WPML does not offer a free version. There is a choice of licences ranging from $39\/year up to $199\/year.<\/p>\n\n\n\n
You can download WPML here<\/strong><\/a>.<\/p>\n\n\n\n The vulnerability arises because the plugin does not strip or escape special characters in the URL before displaying them on the page.<\/p>\n\n\n\n This vulnerability can lead to so-called “Reflected XSS”, attacks in which the malicious script is part of the request sent to the server. The server then includes the script in its response, which is sent back to the browser.<\/p>\n\n\n\n The vulnerability affects only versions lower than 4.6.1. If you are still using one of the outdated versions, update your plugin without delay.<\/p>\n\n\n\n You can find more about what exactly a vulnerability in WordPress plugins and themes means here<\/strong><\/a>.<\/p>\n\n\n\nWPML vulnerability<\/h2>\n\n\n\n