{"id":9106,"date":"2024-04-22T06:39:22","date_gmt":"2024-04-22T06:39:22","guid":{"rendered":"https:\/\/musilda.cz\/?p=9106"},"modified":"2024-04-22T06:39:22","modified_gmt":"2024-04-22T06:39:22","slug":"zranitelnost-wordpress-pluginu-wpml","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/zranitelnost-wordpress-pluginu-wpml\/","title":{"rendered":"Vulnerability in the WPML WordPress plugin"},"content":{"rendered":"\n

WPML is one of the popular and widely used plugins for building multilingual websites. Recently, however, an XSS vulnerability was found in WPML because of improperly escaped output.

About the WPML plugin

WPML is a premium plugin that makes it easy to translate websites into multiple languages. Among its major advantages is compatibility with various page builders (DIVI…) and plugins (translation of custom fields from the ACF plugin…). In addition, the plugin has a positive effect on SEO: for example, we can set the correct URL for translated pages and meta descriptions for the translations.

Unfortunately, WPML does not offer any free version. Licences range from $39/year up to $199/year.

You can download WPML here.

The WPML vulnerability

The vulnerability arises because the plugin does not strip or escape special characters from the URL before displaying them on the page.

This vulnerability can lead to so-called "Reflected XSS", attacks in which the malicious script is part of a request sent to the server. The server then includes the script in its response, which is sent back to the browser.

The vulnerability affects only versions lower than 4.6.1. If you are still running one of the outdated versions, update your plugin immediately.

You can find more about what exactly a vulnerability in WordPress plugins and themes means here.

Source: https://wpscan.com/vulnerability/b9cc519c-7ec2-42c3-9f42-01e928e12139/\n","protected":false},"excerpt":{"rendered":"

WPML is one of the popular and widely used plugins for building multilingual websites. Recently, however, an XSS vulnerability was found in WPML because of improperly escaped output. About the WPML plugin WPML is a premium plugin that makes it easy to translate websites into multiple languages. Among its major advantages is compatibility with various page\n","protected":false},"author":1,"featured_media":9107,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,30],"tags":[81,460,563],"class_list":["post-9106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","category-wordpress","tag-bezpecnost","tag-wordpress-2","tag-zranitelnost"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/9106"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=9106"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/9106\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/9107"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=9106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=9106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=9106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}