{"id":3255,"date":"2024-07-19T09:49:45","date_gmt":"2024-07-19T07:49:45","guid":{"rendered":"https:\/\/www.tec4net.com\/web\/?p=3255"},"modified":"2024-07-15T20:13:10","modified_gmt":"2024-07-15T18:13:10","slug":"30713","status":"publish","type":"post","link":"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/","title":{"rendered":"Security vulnerability in WordPress plug-in: arbitrary file uploads possible on 150,000 installations"},"content":{"rendered":"<p>The WordPress plug-in Modern Events Calendar, which runs on more than 150,000 installations, contains a critical security vulnerability. IT security researchers at Wordfence discovered that attackers can upload arbitrary files because the set_featured_image function lacks a file type check. This vulnerability (CVE-2024-5441, CVSS 8.8) allows attackers to inject and execute malicious code, provided they have the &#8220;Subscriber&#8221; permission level or higher. An updated version of the plug-in (7.12.0) has been released to fix the problem.<\/p>\n<p>Users are strongly advised to install the update as soon as possible to protect themselves against potential attacks. 
This vulnerability joins a series of incidents in which WordPress plug-ins were abused as an entry point for malicious code, which underlines the need to apply security updates regularly in order to preserve the integrity of WordPress instances.<\/p>\n<p>Source:<br \/>\n<a href=\"https:\/\/www.heise.de\/news\/Wordpress-Plug-in-mit-150-000-Installation-ermoeglicht-beliebige-Dateiuploads-9794927.html\">https:\/\/www.heise.de\/news\/Wordpress-Plug-in-mit-150-000-Installation-ermoeglicht-beliebige-Dateiuploads-9794927.html<\/a><\/p>\n<p><strong>We are experts in data protection and IT security<\/strong><\/p>\n<p>Benefit from our comprehensive consulting on data protection and IT security. Our experienced team helps you make your website and digital services compliant with data protection law in order to meet legal requirements.<\/p>\n<p>Contact us today and get practical advice on implementing the GDPR and standards such as ISO 27001, PCI-DSS or TISAX.<\/p>\n<p><strong>Implementing data protection and IT security in practice &#8211; tec4net GmbH<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The WordPress plug-in Modern Events Calendar, which runs on more than 150,000 installations, contains a critical security vulnerability. IT security researchers at Wordfence discovered that attackers can upload arbitrary files because the set_featured_image function lacks a file type check. 
This vulnerability (CVE-2024-5441, CVSS 8.8) allows attackers to inject and execute malicious code, provided they [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[707,704,706,320,126,705,703],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Sicherheitsl\u00fccke in Wordpress-Plug-in: Beliebige Dateiuploads auf 150.000 Installationen m\u00f6glich - tec4net<\/title>\n<meta name=\"description\" content=\"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sicherheitsl\u00fccke in Wordpress-Plug-in: Beliebige Dateiuploads auf 150.000 Installationen m\u00f6glich - tec4net\" \/>\n<meta property=\"og:description\" content=\"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\" \/>\n<meta property=\"og:site_name\" content=\"tec4net\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-19T07:49:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-15T18:13:10+00:00\" \/>\n<meta name=\"author\" content=\"Matthias Walter\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" 
content=\"Matthias Walter\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"2\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\"},\"author\":{\"name\":\"Matthias Walter\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/eb2c0c81b5ce5b0320d91188184d409b\"},\"headline\":\"Sicherheitsl\u00fccke in WordPress-Plug-in: Beliebige Dateiuploads auf 150.000 Installationen m\u00f6glich\",\"datePublished\":\"2024-07-19T07:49:45+00:00\",\"dateModified\":\"2024-07-15T18:13:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\"},\"wordCount\":231,\"publisher\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#organization\"},\"keywords\":[\"IT-Sicherheits-Experten M\u00fcnchen\",\"Modern Events Calendar\",\"Penetrationstest M\u00fcnchen\",\"Schadcode\",\"Sicherheitsl\u00fccke\",\"Wordfence\",\"Wordpress-Plug-in\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\",\"url\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\",\"name\":\"Sicherheitsl\u00fccke in Wordpress-Plug-in: Beliebige Dateiuploads auf 150.000 Installationen m\u00f6glich - tec4net\",\"isPartOf\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#website\"},\"datePublished\":\"2024-07-19T07:49:45+00:00\",\"dateModified\":\"2024-07-15T18:13:10+00:00\",\"description\":\"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 
2003\",\"breadcrumb\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tec4net.com\/web\/2024\/07\/19\/30713\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.tec4net.com\/web\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sicherheitsl\u00fccke in WordPress-Plug-in: Beliebige Dateiuploads auf 150.000 Installationen m\u00f6glich\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#website\",\"url\":\"https:\/\/www.tec4net.com\/web\/\",\"name\":\"tec4net\",\"description\":\"Ihr starker IT-Partner\",\"publisher\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tec4net.com\/web\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#organization\",\"name\":\"tec4net\",\"url\":\"https:\/\/www.tec4net.com\/web\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.tec4net.com\/web\/wp-content\/uploads\/2018\/12\/t4n_Logo_startseite.png\",\"contentUrl\":\"https:\/\/www.tec4net.com\/web\/wp-content\/uploads\/2018\/12\/t4n_Logo_startseite.png\",\"width\":178,\"height\":163,\"caption\":\"tec4net\"},\"image\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/eb2c0c81b5ce5b0320d91188184d409b\",\"name\":\"Matthias 
Walter\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c8945f23c3708dc375c12592ec9c9a7e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c8945f23c3708dc375c12592ec9c9a7e?s=96&d=mm&r=g\",\"caption\":\"Matthias Walter\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts\/3255"}],"collection":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/comments?post=3255"}],"version-history":[{"count":1,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts\/3255\/revisions"}],"predecessor-version":[{"id":3285,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts\/3255\/revisions\/3285"}],"wp:attachment":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/media?parent=3255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/categories?post=3255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/tags?post=3255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}