{"id":9694,"date":"2025-03-25T02:18:20","date_gmt":"2025-03-25T00:18:20","guid":{"rendered":"https:\/\/nl-hh.eu\/index.php\/2025\/03\/25\/site-vulnerabilities-found-17\/"},"modified":"2025-03-25T02:18:20","modified_gmt":"2025-03-25T00:18:20","slug":"site-vulnerabilities-found-17","status":"publish","type":"post","link":"https:\/\/nl-hh.eu\/index.php\/2025\/03\/25\/site-vulnerabilities-found-17\/","title":{"rendered":"Site vulnerabilities found"},"content":{"rendered":"

Plesk<\/p>\n

\/* Stop WebKit from changing text sizes *\/
\n body,
\n table,
\n td,
\n a {
\n -webkit-text-size-adjust: 100%;
\n -ms-text-size-adjust: 100%;
\n }
\n body {
\n height: 100% !important;
\n margin: 0 !important;
\n padding: 0 !important;
\n width: 100% !important;
\n }<\/p>\n

\/* Removes spacing between tables in Outlook 2007+ *\/
\n table,
\n td {
\n mso-table-lspace: 0pt;
\n mso-table-rspace: 0pt;
\n }
\n img {
\n border: 0;
\n line-height: 100%;
\n text-decoration: none;
\n -ms-interpolation-mode: bicubic;
\n \/* Smoother rendering in IE *\/
\n }
\n table {
\n border-collapse: collapse !important;
\n }<\/p>\n

\/* iOS Blue Links *\/
\n a[x-apple-data-detectors] {
\n color: inherit !important;
\n text-decoration: none !important;
\n font-size: inherit !important;
\n font-family: inherit !important;
\n font-weight: inherit !important;
\n line-height: inherit !important;
\n }<\/p>\n

\/* Table fix for Outlook *\/
\n table {
\n border-collapse: separate;
\n }
\n .ExternalClass p,
\n .ExternalClass span,
\n .ExternalClass font,
\n .ExternalClass td {
\n line-height: 100%;
\n }
\n .ExternalClass {
\n width: 100%;
\n }<\/p>\n

\/* Mobile Styling *\/
\n @media screen and (max-width: 525px) {
\n .wrapper {
\n width: 100% !important;
\n max-width: 100% !important;
\n }
\n .hide-element {
\n display: none !important;
\n }
\n .no-padding {
\n padding: 0 !important;
\n }
\n .img-max {
\n max-width: 100% !important;
\n width: 100% !important;
\n height: auto !important;
\n }
\n .table-max {
\n width: 100% !important;
\n }
\n .mobile-btn-container {
\n margin: 0 auto;
\n width: 100% !important;
\n }
\n .mobile-btn {
\n padding: 15px !important;
\n border: 0 !important;
\n font-size: 16px !important;
\n display: block !important;
\n }
\n }<\/p>\n

\/* iPads (landscape) Styling *\/
\n @media handheld,
\n all and (device-width: 768px) and (device-height: 1024px) and =
\n(orientation : landscape) {
\n .wrapper-ipad {
\n max-width: 278px !important;
\n }
\n .table-max-ipad {
\n max-width: 465px !important;
\n }
\n }<\/p>\n

\/* iPads (portrait) Styling *\/
\n @media handheld,
\n all and (device-width: 768px) and (device-height: 1024px) and =
\n(orientation : portrait) {
\n .wrapper-ipad {
\n max-width: 278px !important;
\n }
\n .table-max-ipad {
\n max-width: 465px !important;
\n }
\n }<\/p>\n

 <\/p>\n

<\/p>\n

 <\/p>\n

WP Toolkit has detected new vulnerabilities on =
\nWordPress sites under your care. It is strongly recommended to update or =
\ndisable vulnerable assets on these sites. You can also configure WP =
\nToolkit to perform automatic actions when vulnerabilities are detected. =<\/p>\n

The following vulnerabilities need your attention because they =
\nhave to be addressed manually:<\/p>\n

 
\n Site: derschuster.hamburg<\/span>
\n Open in panel
\n  <\/p>\n

 
\n
\n Critical
\n <\/span><\/p>\n

WordPress Slider Revolution plugin < 6.7.0 – Unauthenticated =
\nBroken Access Control vulnerability<\/span><\/p>\n

Unauthenticated Broken Access Control =
\nvulnerability discovered by Rafie Muhammad (Patchstack) in WordPress =
\nPlugin Slider Revolution (versions < 6.7.0)<\/div>\n

=20
\n Source: Patchstack, Wordfence<\/b><\/p>\n

 <\/p>\n

 
\n Site: derschuster.hamburg<\/span>
\n Open in panel
\n  <\/p>\n

 
\n
\n Medium
\n <\/span><\/p>\n

Slider Revolution < 6.6.19 – Authenticated (Author+) PHP =
\nObject Injection<\/span><\/p>\n

The Slider Revolution plugin for WordPress is =
\nvulnerable to PHP Object Injection in all versions up to 6.6.19 =
\n(exclusive) via deserialization of untrusted input when importing a new =
\nslider. This makes it possible for authenticated attackers, with =
\nauthor-level access and above, to inject a PHP Object. No known POP =
\nchain is present in the vulnerable plugin. If a POP chain is present via =
\nan additional plugin or theme installed on the target system, it could =
\nallow the attacker to delete arbitrary files, retrieve sensitive data, =
\nor execute code.<\/div>\n
This record contains material that is =
\nsubject to copyright.<\/div>\n

Source: Wordfence<\/b><\/p>\n

 <\/p>\n

 
\n Site: derschuster.hamburg<\/span>
\n Open in panel
\n  <\/p>\n

 
\n
\n Medium
\n <\/span><\/p>\n

WordPress Lightbox Gallery plugin < 0.9.5 – Authenticated =
\n(Contributor+) Stored Cross-Site Scripting via Shortcode =
\nvulnerability<\/span><\/p>\n

Authenticated (Contributor+) Stored Cross-Site =
\nScripting via Shortcode vulnerability discovered by Lana Codes in =
\nWordPress Plugin Lightbox Photo Gallery (versions < 0.9.5)<\/div>\n

=20
\n Source: Patchstack, Wordfence<\/b><\/p>\n

 <\/p>\n

 
\n Site: derschuster.hamburg<\/span>
\n Open in panel
\n  <\/p>\n

 
\n
\n Medium
\n <\/span><\/p>\n

WordPress Lightbox Photo Gallery plugin < 0.9.5 – Contributor+ =
\nStored XSS via Shortcode vulnerability<\/span><\/p>\n

Contributor+ Stored XSS via Shortcode =
\nvulnerability discovered by an unknown individual in WordPress Plugin =
\nLightbox Photo Gallery (versions <=3D 0.9.4)<\/div>\n

=20
\n Source: Patchstack<\/b><\/p>\n

 <\/p>\n

 
\n Site: derschuster.hamburg<\/span>
\n Open in panel
\n  <\/p>\n

 
\n
\n Medium
\n <\/span><\/p>\n

WordPress Slide Anything plugin <=3D 2.4.9 – iFrame Injection =
\nto Cross-Site Scripting (XSS) vulnerability<\/span><\/p>\n

iFrame Injection to Cross-Site Scripting (XSS) =
\nvulnerability discovered by FearZzZz in WordPress Plugin Slide Anything =
\n(versions <=3D 2.4.9)<\/div>\n

=20
\n Source: Patchstack, Wordfence<\/b><\/p>\n

 <\/p>\n

More vulnerabilities were =
\nfound, please go to WP Toolkit for the full list. <\/p>\n

Automatic =
\nactions can be defined on the site autoupdate policy screen. =<\/p>\n

 <\/p>\n

<\/p>\n

 <\/p>\n

<\/p>\n

 <\/p>\n

<\/p>\n

 <\/p>\n

<\/p>\n

 <\/p>\n

WebPros International GmbH<\/p>\n

   
\n Vordergasse 59
\n    
\n Schaffhausen, CH 8200
\n    
\n Switzerland<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Plesk \/* Stop WebKit from changing text sizes *\/ body, table, td, a { -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; } body { height: 100% !important; margin: 0 !important; padding: 0 !important; width: 100% !important; } \/* Removes spacing between tables in Outlook 2007+ *\/ table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } img { border: 0; […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9694","post","type-post","status-publish","format-standard","hentry","category-allgemein"],"_links":{"self":[{"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/posts\/9694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/comments?post=9694"}],"version-history":[{"count":0,"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/posts\/9694\/revisions"}],"wp:attachment":[{"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/media?parent=9694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/categories?post=9694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nl-hh.eu\/index.php\/wp-json\/wp\/v2\/tags?post=9694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}