{"id":207243,"date":"2022-06-17T11:24:58","date_gmt":"2022-06-17T13:24:58","guid":{"rendered":"https:\/\/teknomers.com\/fr\/plus-dun-million-de-sites-wordpress-mis-a-jour-de-force-pour-corriger-une-vulnerabilite-critique-du-plugin\/"},"modified":"2022-06-17T11:24:59","modified_gmt":"2022-06-17T13:24:59","slug":"plus-dun-million-de-sites-wordpress-mis-a-jour-de-force-pour-corriger-une-vulnerabilite-critique-du-plugin","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/plus-dun-million-de-sites-wordpress-mis-a-jour-de-force-pour-corriger-une-vulnerabilite-critique-du-plugin\/","title":{"rendered":"More than a million WordPress sites forcibly updated to patch a critical plugin vulnerability"},
"content":{"rendered":"<div id=\"articlebody\">\n<p>WordPress websites using a widely used plugin named Ninja Forms have been forcibly auto-updated to patch a critical security vulnerability that is suspected of having been actively exploited in the wild.<\/p>\n<p>The issue, a case of code injection (specifically, PHP object injection through unsafe deserialization of user-supplied data, as the Wordfence description below makes clear), is rated 9.8 out of 10 in severity and affects multiple versions of the plugin starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4 and 3.6.11.<\/p>\n<p>Ninja Forms is a <a rel=\"nofollow noopener\" href=\"https:\/\/wordpress.org\/plugins\/ninja-forms\/\" target=\"_blank\">customizable contact form builder<\/a> with more than one million installations.<\/p>\n<p>According to Wordfence, the bug &#8220;made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in object injection&#8221;.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"587\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/06\/1655472298_333_Plus-dun-million-de-sites-WordPress-mis-a-jour-de.jpg\" \/><\/div>\n<p>&#8220;This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a [property oriented programming] chain was present,&#8221; Wordfence&#8217;s Chloe Chamberland <a rel=\"nofollow noopener\" href=\"https:\/\/www.wordfence.com\/blog\/2022\/06\/psa-critical-vulnerability-patched-in-ninja-forms-wordpress-plugin\/\" target=\"_blank\">noted<\/a>.<\/p>\n<p>Successful exploitation of the flaw could allow an attacker to execute code remotely and take complete control of a vulnerable WordPress site.<\/p>\n<p>Ninja Forms users should verify for themselves that their sites are running one of the patched versions listed above, rather than relying on the forced update having reached them, and update the plugin manually where it has not, in order to block any exploitation attempts in the wild.<\/p>\n<\/div>\n<p>Source: <a href=\"https:\/\/thehackernews.com\/2022\/06\/over-million-wordpress-sites-forcibly.html\" rel=\"nofollow noopener\" target=\"_blank\">The Hacker News<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>WordPress websites using a widely used plugin named Ninja Forms have been forcibly auto-updated to patch a critical security vulnerability that is suspected of having been actively exploited in the wild. The issue, a case of code injection, is rated 9.8 out of 10 in severity and affects multiple [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":207244,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,25646,22,4158,4165,4161,74,1209,3995,4157,4159,4171,4170,4167,358,4103,4160,4163,4162,51599,185,4172,4169,2783,196,4166,3667,4164,51600],"class_list":["post-207243","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-corriger","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dun","tag-force","tag-jour","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-million","tag-mis","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-plugin","tag-pour","tag-securite-informatique","tag-securite-internet","tag-sites","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-wordpress"],
"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/207243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=207243"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/207243\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/207244"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=207243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=207243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=207243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}