Defiant¤Ï1·î10Æü(Êƹñ»þ´Ö)¡¢¡ÖType Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin¡×¤Ë¤ª¤¤¤Æ¡¢WordPress¤Î¿Íµ¤¤ÎSMTP¥×¥é¥°¥¤¥ó¡ÖPost SMTP¡×¤ËÊ£¿ô¤ÎÀȼåÀ­¤¬Â¸ºß¤¹¤ë¤ÈÊ󤸤¿¡£Post SMTP¤Ï30Ëü·ï°Ê¾å¤Î¥æ¡¼¥¶¡¼¤¬¤¤¤ë¥á¡¼¥ë¥í¥°¤ÈÇÛ¿®¼ºÇÔÄÌÃε¡Ç½¤òÈ÷¤¨¤¿SMTP¥×¥é¥°¥¤¥ó¡£¸½ºß¡¢Ìó15Ëü¤Î¥æ¡¼¥¶¡¼¤¬ÀȼåÀ­¤Î±Æ¶Á¤ò¼õ¤±¤Æ¤¤¤ë¤È¤ß¤é¤ì¤Æ¤¤¤ë¡£

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

¡ûÀȼåÀ­¤Î±Æ¶Á¤ò¼õ¤±¤ë¥Ð¡¼¥¸¥ç¥ó¤È½¤Àµ¤µ¤ì¤¿¥Ð¡¼¥¸¥ç¥ó

ÀȼåÀ­¤Î±Æ¶Á¤ò¼õ¤±¤ë¤È¤µ¤ì¤ë¥×¥é¥°¥¤¥ó¤Î¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£

Post SMTP¥Ð¡¼¥¸¥ç¥ó2.8.7¤ª¤è¤Ó¤³¤ì°ÊÁ°¤Î¥Ð¡¼¥¸¥ç¥ó

ÀȼåÀ­¤¬½¤Àµ¤µ¤ì¤¿¥×¥é¥°¥¤¥ó¤Î¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£

Post SMTP¥Ð¡¼¥¸¥ç¥ó2.8.8¤ª¤è¤Ó¤³¤ì°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó

¡û½¤Àµ¤µ¤ì¤¿ÀȼåÀ­¤Î¾ðÊó

½¤Àµ¤µ¤ì¤¿ÀȼåÀ­¤Î¾ðÊó¤Ï¼¡¤Î¤È¤ª¤ê¡£

CVE-2023-6875 - connect-app REST¥¨¥ó¥É¥Ý¥¤¥ó¥È¤Ë¤ª¤±¤ë·¿ÊÑ´¹¤ËÉÔ¶ñ¹ç¤¬¤¢¤ê¡¢¥Ç¡¼¥¿¤Ø¤ÎÉÔÀµ¥¢¥¯¥»¥¹¤Î²ÄǽÀ­¤¬¤¢¤ë¡£¤³¤ÎÀȼåÀ­¤ò°­ÍѤµ¤ì¤ë¤È¡¢Ç§¾Ú¤µ¤ì¤Æ¤¤¤Ê¤¤¹¶·â¼Ô¤Ë¤è¤ê¥á¡¼¥é¤Ø¤Îǧ¾Ú¤Ë»ÈÍѤµ¤ì¤¿API¥­¡¼¤¬¥ê¥»¥Ã¥È¤µ¤ì¡¢¥Ñ¥¹¥ï¡¼¥É¥ê¥»¥Ã¥È¥á¡¼¥ë¤ò´Þ¤à¥í¥°¤Î±ÜÍ÷¤Ë¤è¤ê¥µ¥¤¥È¤¬¾è¤Ã¼è¤é¤ì¤ë²ÄǽÀ­¤¬¤¢¤ë

CVE-2023-7027 - ÉÔ½½Ê¬¤ÊÆþÎϤΥµ¥Ë¥¿¥¤¥º¤È½ÐÎϤΥ¨¥¹¥±¡¼¥×¤ò¸¶°ø¤È¤·¤¿device¥Ø¥Ã¥À¤ò·Ðͳ¤¹¤ëÃßÀÑ·¿¥¯¥í¥¹¥µ¥¤¥È¥¹¥¯¥ê¥×¥Æ¥£¥ó¥°(XSS: Cross-Site Scripting)¤ÎÀȼåÀ­¡£¤³¤ÎÀȼåÀ­¤ò°­ÍѤµ¤ì¤ë¤È¡¢Ç§¾Ú¤µ¤ì¤Æ¤¤¤Ê¤¤¹¶·â¼Ô¤Ë¤è¤êǤ°Õ¤ÎWeb¥¹¥¯¥ê¥×¥È¤¬¥Ú¡¼¥¸¤ËÁÞÆþ¤µ¤ì¤ë²ÄǽÀ­¤¬¤¢¤ë

¤³¤ì¤éÀȼåÀ­¤Î¤¦¤ÁºÇ¤â¹â¤¤¿¼¹ïÅ٤϶۵Þ(Critical)¤Èɾ²Á¤µ¤ì¤Æ¤ª¤êÃí°Õ¤¬É¬Íס£³ºÅö¤¹¤ë¥×¥é¥°¥¤¥ó¤ò»ÈÍѤ·¤Æ¤¤¤ë¥æ¡¼¥¶¡¼¤Ï¡¢Â®¤ä¤«¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£