Latest information on November security patches for WordPress plugins
On November 24 (US time), Sucuri reported in "WordPress Vulnerability & Patch Roundup November 2023" on WordPress vulnerabilities and security patches that came to light in October 2023. Sucuri compiles and publishes a list of important security updates and vulnerability patches for the WordPress ecosystem so that website owners can keep track of new threats and respond to them.
WordPress Vulnerability & Patch Roundup November 2023
This month's roundup presents 19 vulnerabilities and their mitigations. By security risk, 1 is rated "High", 8 are rated "Medium", and 9 are rated "Low".
The main vulnerabilities this month are as follows.
[High] CVE-2023-47505 Elementor Website Builder - Stored cross-site scripting (XSS: Cross-Site Scripting) vulnerability
[Medium] CVE-2023-4775 Advanced iFrame - Stored cross-site scripting (XSS) vulnerability
[Medium] CVE-2023-4888 Simple Like Page Plugin - Stored cross-site scripting (XSS) vulnerability
[Medium] CVE-2023-47529 Cloud Templates & Patterns Collection - Sensitive information disclosure vulnerability
[Medium] CVE-2023-47681 WooCommerce Checkout Manager - Vulnerability due to improper access control
[Medium] CVE-2023-47693 Ultimate Addons for Contact Form 7 - Vulnerability due to improper access control
[Medium] CVE-2023-47754 Delete Duplicate Posts - Vulnerability due to improper access control
[Medium] Ecwid Ecommerce Shopping Cart - Security vulnerability due to improper access control
[Medium] LearnPress - WordPress LMS Plugin - Reflected cross-site scripting (XSS) vulnerability
[Medium] NitroPack - Vulnerability due to missing authentication processing
[Low] CVE-2023-4726 Ultimate Dashboard - Stored cross-site scripting (XSS) vulnerability
[Low] CVE-2023-4810 Responsive Pricing Table - Stored cross-site scripting (XSS) vulnerability
[Low] CVE-2023-4842 Social Sharing Plugin - Social Warfare - Stored cross-site scripting (XSS) vulnerability
[Low] CVE-2023-33998 Easy Social Icons - Vulnerability due to improper access control
[Low] CVE-2023-47530 Redirect 404 Error Page to Homepage or Custom Page with Logs - SQL injection
[Low] CVE-2023-47546 OneClick Chat to Order - Stored cross-site scripting (XSS) vulnerability
[Low] CVE-2023-5605 URL Shortify - Stored cross-site scripting (XSS) vulnerability
[Low] Popup Box - Stored cross-site scripting (XSS) vulnerability
[Low] Solid Central - Stored cross-site scripting (XSS) vulnerability
WordPress vulnerabilities are readily exploited by cybercriminals. Users who operate websites are advised to review Sucuri's security information and to apply the mitigations and updates as appropriate.