WordPress plugin bug alert: Anti-Malware and King Addons

  • Two separate vulnerabilities affect popular WordPress plugins
  • CVE-2025-11705 allows an authenticated user to read files on the server
  • King Addons exhibits unauthenticated file upload and privilege escalation
  • Urgent update: Anti-Malware to 4.23.83 and King Addons to 51.1.37

Security flaws in WordPress plugins

The WordPress community is raising the alarm again: two vulnerabilities in widely used plugins could compromise the security of thousands of websites. One of the flaws affects the Anti-Malware Security and Brute-Force Firewall plugin; the other, the well-known King Addons for Elementor package.

In both cases an update is already available, and experts recommend installing it without delay. The impact differs from one plugin to the other, but they share a common denominator: if the patches are not applied, attackers can gain unauthorised access to server resources or take control of the site.

Anti-Malware Security and Brute-Force Firewall: file read (CVE-2025-11705)

The Anti-Malware Security plugin, with more than 100,000 installations, has a vulnerability tracked as CVE-2025-11705 that allows an authenticated user with a subscriber profile to read files on the server. The root of the problem lies in the internal function GOTMLS_ajax_scan(), which lacked an adequate capability check when handling AJAX requests.

The vulnerability was identified by researcher Dmitry Ignatyev and reported to Wordfence Threat Intelligence. Although a token check was in place, the absence of a permission check meant that any account with a valid login could invoke the scan and reach sensitive content.

Among the most attractive targets is wp-config.php, the file that stores the database credentials and the authentication keys. With that information an attacker could go on to extract data, manipulate content or attempt further moves within the same infrastructure.

The plugin's developer, known as Eli, released the fixed version 4.23.83, which adds the function GOTMLS_kill_invalid_user() to verify capabilities before requests are processed. Wordfence notes that no active exploitation has been observed so far; however, publication of the details increases the risk of exploitation for anyone who does not update.
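To make the nature of the fix concrete, here is an added illustration (not code from the plugin or its developer) of a WordPress AJAX handler that checks only a nonce, next to the same handler with the capability check that the patch is described as adding. All function, hook and action names (example_scan_before, example_scan_after, example_run_scan, example_require_capability) are hypothetical.

```php
<?php
// Added illustration (not the plugin's code): why a nonce alone is not
// authorisation for a WordPress AJAX handler. All names are hypothetical.

// BEFORE: only the nonce is checked. Every logged-in user can obtain a valid
// nonce for this action, so the check proves request origin, not privilege.
function example_scan_before() {
    check_ajax_referer( 'example_scan', 'nonce' );   // CSRF protection only
    $report = example_run_scan();                     // privileged operation
    wp_send_json_success( $report );
}

// AFTER: nonce check plus an explicit capability check, mirroring the
// "verify capabilities before processing requests" fix described above.
function example_scan_after() {
    check_ajax_referer( 'example_scan', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        // Subscriber-level accounts stop here with HTTP 403.
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $report = example_run_scan();
    wp_send_json_success( $report );
}

// Reusable guard: a hypothetical helper to call at the top of every
// privileged AJAX handler so the check cannot be forgotten in one of them.
function example_require_capability( $capability ) {
    if ( ! is_user_logged_in() || ! current_user_can( $capability ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
}

function example_run_scan() {
    // Placeholder for the real privileged work (e.g. scanning plugin files);
    // the point of the example is the gate in front of it, not the scan.
    return array( 'scanned' => 0, 'suspicious' => 0 );
}

// wp_ajax_ hooks fire only for logged-in users; that is not authorisation,
// because a subscriber is a logged-in user too.
add_action( 'wp_ajax_example_scan', 'example_scan_after' );
```

The wp_ajax_ hook already excludes anonymous visitors, and the nonce proves that the request came from a page WordPress rendered for that user; only current_user_can() proves that the user is allowed to trigger the operation. A subscriber passes the first two checks and fails the third, which is exactly the gap the report describes.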

  • 14 October: the developer is notified through the WordPress.org security team.
  • 15 October: version 4.23.83 is released with improved capability checks.
  • Update uptake: around 50,000 installations have been updated; a similar number may remain exposed if the fix is not applied.

The attack vector is especially relevant on sites where user registration is open (forums, memberships, newsletters, etc.), where the barrier to creating a low-privilege account is very low.

King Addons for Elementor: file upload and privilege escalation

The commercial add-on King Addons, which extends Elementor with widgets and templates, has two critical flaws documented by Patchstack: arbitrary file upload without authentication (CVE-2025-6327, severity 10/10) and privilege escalation through the registration endpoint (CVE-2025-6325, severity 9.8/10).

According to the advisory, both vulnerabilities are easy to exploit in common configurations and can lead to complete site takeover or data theft. The vendor has published version 51.1.37, which introduces a list of permitted roles, input sanitisation, and an upload handler that requires the appropriate permissions and strictly validates the file type.
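As an added illustration of the two controls the fixed version is described as introducing, an allowed-roles list for registration and an upload handler that demands permissions and validates the file type, here is a hardened pair of handlers. This is not King Addons' own code: the constants, the role and MIME allowlists and every function name (example_register_user, example_handle_upload) are assumptions for the example.

```php
<?php
// Added illustration (not King Addons code). Names and allowlists are assumed.

// Roles a visitor may receive through the public registration form. Any other
// role requested by the client (e.g. "administrator") is ignored.
const EXAMPLE_ALLOWED_ROLES = array( 'subscriber' );

function example_register_user( array $input ) {
    $username  = sanitize_user( $input['username'] ?? '', true );
    $email     = sanitize_email( $input['email'] ?? '' );
    $requested = sanitize_key( $input['role'] ?? 'subscriber' );

    if ( '' === $username || ! is_email( $email ) ) {
        return new WP_Error( 'invalid_input', 'Username or e-mail is invalid.' );
    }
    // The server decides the role; client input can only pick from the allowlist.
    $role = in_array( $requested, EXAMPLE_ALLOWED_ROLES, true ) ? $requested : 'subscriber';

    return wp_insert_user( array(          // int user ID on success, WP_Error on failure
        'user_login' => $username,
        'user_email' => $email,
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $role,
    ) );
}

// Only image types are accepted. The allowlist is handed to WordPress so that
// both the extension and the detected MIME type must match an entry.
const EXAMPLE_UPLOAD_MIMES = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
);

function example_handle_upload( array $file ) {
    // Permission first: an anonymous or unprivileged request never reaches the file.
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient permissions.' );
    }
    // Strict type validation against the allowlist (extension + content sniffing).
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], EXAMPLE_UPLOAD_MIMES );
    if ( empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type not permitted.' );
    }
    // Server-chosen name: no client-controlled path or double extension survives.
    $file['name'] = wp_generate_uuid4() . '.' . $check['ext'];

    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => EXAMPLE_UPLOAD_MIMES,
    ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'] );
    }
    return $result; // array with 'file', 'url' and 'type'
}
```

The registration handler never trusts the role supplied by the client, which is the class of weakness behind a registration-endpoint privilege escalation; the upload handler requires the upload_files capability, rejects anything whose extension and detected MIME type do not both match the allowlist, and renames the stored file so the uploader never chooses its name.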

With more than 10,000 active installations, King Addons is used to speed up page design. For exactly that reason, applying the patch quickly is key to preventing malicious actors from uploading dangerous files or escalating privileges to accounts with more permissions than they should have.

What can an attacker achieve if you do not update?

With the flaws described, an adversary can chain steps that range from silently reading information to full control of the site. Access to configuration, user uploads, databases or administrator accounts opens up a range of possibilities.

  • Steal password data and launch offline brute-force attacks.
  • Extract personal data (e-mails, profiles) with potential privacy implications.
  • Modify posts or inject code to spread spam or malware.
  • Install backdoors to persist even after a partial clean-up.
  • Lateral movement on shared hosting to other sites on the same server.

Impact and obligations in Spain and the rest of the EU

For administrators in Spain or the European Union, a breach of personal data can trigger obligations under the RGPD (GDPR), including an impact assessment and, where appropriate, notifications to the authorities and to users. Internal policies should be reviewed and activity logs examined if unauthorised access is suspected, and you should confirm whether your site runs on WordPress.org or WordPress.com.

Without alarmism but with prudence, it makes sense to prioritise sites with account registration or private areas, since the authentication requirement of the Anti-Malware flaw is satisfied by the basic profiles found on many portals.

Recommended actions for administrators

First, update Anti-Malware to 4.23.83 and King Addons to 51.1.37. This step cuts off the known vectors at the root and immediately reduces the attack surface.

  • Revoke sessions and tokens after patching, especially on sites with open registration.
  • Review access logs and file uploads, looking for unusual activity.
  • Harden user permissions and disable registration if it is not essential.
  • Block execution in upload directories and validate MIME types on the server.
  • Keep a tested and up-to-date incident response plan.

In addition, evaluate monitoring solutions (WAF, blocklists, real-time alerts) and least-privilege policies for administrative accounts and external services.
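For the log-review step in the checklist above, here is an added example (not from the article) of a small triage script in PHP 8 that reads access-log lines in the common combined format and flags three of the signals discussed: requests for PHP files under the uploads directory, bursts of admin-ajax.php requests from a single address, and registration POSTs. The log lines are constructed, and the burst threshold, the paths and the function names (example_parse_line, example_triage) are assumptions.

```php
<?php
// Added example, not from the article. Log lines are constructed; threshold,
// paths and function names are assumptions. Requires PHP 8 (str_contains).

const EXAMPLE_AJAX_BURST = 20; // admin-ajax.php requests from one IP in the sample

function example_parse_line( string $line ): ?array {
    // Apache/nginx "combined" format:
    // ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    return array( 'ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
                  'path' => $m[4], 'status' => (int) $m[5], 'ua' => $m[6] );
}

function example_triage( array $lines ): array {
    $findings   = array();
    $ajax_by_ip = array();
    foreach ( $lines as $line ) {
        $r = example_parse_line( $line );
        if ( null === $r ) {
            continue;                       // unparseable line, skip it
        }
        $path = strtok( $r['path'], '?' );  // drop the query string for path checks

        // 1. PHP-like files requested under the uploads directory. With execution
        //    blocked these should be 403; any other status is worth a look.
        if ( preg_match( '#^/wp-content/uploads/.*\.ph(p\d?|tml|ar)$#i', $path ) ) {
            $findings[] = array( 'type' => 'php_in_uploads', 'ip' => $r['ip'],
                                 'path' => $r['path'], 'status' => $r['status'] );
        }
        // 2. Count admin-ajax.php traffic per IP; bursts hint at automated abuse.
        if ( '/wp-admin/admin-ajax.php' === $path ) {
            $ajax_by_ip[ $r['ip'] ] = ( $ajax_by_ip[ $r['ip'] ] ?? 0 ) + 1;
        }
        // 3. Registration POSTs: record them so the created accounts get reviewed.
        if ( 'POST' === $r['method'] && '/wp-login.php' === $path
             && str_contains( $r['path'], 'action=register' ) ) {
            $findings[] = array( 'type' => 'registration', 'ip' => $r['ip'], 'time' => $r['time'] );
        }
    }
    foreach ( $ajax_by_ip as $ip => $count ) {
        if ( $count >= EXAMPLE_AJAX_BURST ) {
            $findings[] = array( 'type' => 'ajax_burst', 'ip' => $ip, 'count' => $count );
        }
    }
    return $findings;
}

// Constructed sample: one PHP hit under uploads, one registration, one burst.
$sample = array(
    '203.0.113.7 - - [15/Oct/2025:10:01:02 +0000] "GET /wp-content/uploads/2025/10/x.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [15/Oct/2025:10:01:05 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
);
for ( $i = 0; $i < EXAMPLE_AJAX_BURST; $i++ ) {
    $sample[] = sprintf( '198.51.100.9 - - [15/Oct/2025:10:02:%02d +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 128 "-" "python-requests/2.32"', $i );
}
foreach ( example_triage( $sample ) as $f ) {
    echo json_encode( $f ), PHP_EOL;   // one JSON finding per line
}
```

Run against a real log with `example_triage( file( '/path/to/access.log', FILE_IGNORE_NEW_LINES ) )`. A 200 on a .php file under wp-content/uploads is the most urgent finding, because it means the "block execution in upload directories" control is missing or bypassed; the burst threshold should be tuned to the site's normal admin-ajax.php volume before it is used for alerting.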

The picture is clear: with the patches available, the best defence is to update proactively. Acting diligently, checking the logs and strengthening controls can make the difference between a scare and a serious incident.

Related article:
The difference between wordpress.com and wordpress.org