<h1>One million WordPress sites at risk</h1>
<p>Published 2023-05-13, updated 2023-05-14. Source: <a href="https://sajberinfo.com/en/2023/05/13/ugrozeno-milion-wordpress-stranica/">sajberinfo.com</a></p>
<p>Security researchers have discovered that a million WordPress sites that use the <em>Essential Addons</em> plugin for <em>Elementor</em> on <em>WordPress</em> are at risk.</p>
<div id="attachment_4792" class="wp-caption aligncenter"><img src="https://sajberinfo.com/wp-content/uploads/2023/05/Elementor-WordPress-plugin.jpg" alt="Elementor WordPress plugin" width="1024" height="638" /><p id="caption-attachment-4792" class="wp-caption-text"><em>One million WordPress sites at risk; Design: Saša Đurić</em></p></div>
<h2><strong>The vulnerability</strong></h2>
<p>With over a million installations, the <em>Essential Addons</em> plugin for <em>Elementor</em> extends the core capabilities of the <em>Elementor</em> plugin for <em>WordPress</em>. The vulnerability identified in this plugin has been assigned <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32243" target="_blank" rel="noopener"><em>CVE-2023-32243</em></a> (with a <em>CVSS</em> score of 9.8) and is rated critical: it allows unauthorized privilege escalation that can let an attacker take over any user account. The vulnerability is believed to have been present since version <em>5.4.0</em> of the plugin.</p>
<blockquote>
<p><em>“It is possible to reset the password of any user as long as we know their username, and so we can reset the administrator's password and log in to their account.”</em></p>
<p style="text-align: right;"><em>– </em><a href="https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/" target="_blank" rel="noopener"><em>Security researcher Rafie Muhammad</em></a><em> –</em></p>
</blockquote>
<p>This can be a serious problem, because the vulnerability can be exploited to reset the password of the administrator account, which can give malicious attackers complete control over the site. The vulnerability was discovered on May 8 and the plugin author was notified immediately, so that on May 11 <a href="https://essential-addons.com/elementor/changelog/" target="_blank" rel="noopener">version <em>5.7.2</em></a> was released, which fixes this vulnerability.</p>
<h3><strong>Remediation</strong></h3>
<p>According to the available information, the plugin author has properly fixed the vulnerability by adding a function that checks the validity and legitimacy of password-reset keys. Users are advised to download the updated <em>Essential Addons</em> plugin for <em>Elementor</em>, version <em>5.7.2</em>, as soon as possible.</p>
<p>How serious this problem is can also be seen from data published by <em>Defiant</em>, the company that develops the <em>Wordfence</em> security plugin for <em>WordPress</em>:</p>
<blockquote>
<p><em>“Wordfence has blocked 151 attacks targeting this vulnerability in the last 24 hours.”</em></p>
<p style="text-align: right;"><em>– </em><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-571-unauthenticated-arbitrary-password-reset-to-privilege-escalation" target="_blank" rel="noopener"><em>Defiant</em></a><em> –</em></p>
</blockquote>