{"id":17587,"date":"2022-04-27T16:36:03","date_gmt":"2022-04-27T13:36:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=17587"},"modified":"2022-04-27T16:36:03","modified_gmt":"2022-04-27T13:36:03","slug":"wordpress-eklentisinde-kritik-bir-guvenlik-acigi-bulundu","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=17587","title":{"rendered":"Critical Security Vulnerability Found in WordPress Plugin"},"content":{"rendered":"<p>The <strong>&#39;ThemeGrill Demo Importer&#39;<\/strong> plugin, sold by ThemeGrill and bundled with its free and premium themes, has been found to contain a critical security vulnerability. The popular WordPress theme plugin, used on more than 200,000 sites worldwide, leaves websites and blogs exposed to remote attacks.<\/p>\n<p>The ThemeGrill Demo Importer plugin lets WordPress site administrators import demo content, widgets and settings from ThemeGrill, and also makes it easy for users to <strong>customize<\/strong> a theme quickly. However, according to a report by the security firm WebARX, when a ThemeGrill theme is installed and activated together with the plugin, some functions are executed with administrator privileges without checking whether the user running the code is authenticated and whether that user is an administrator.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/46\/ac4780636917dfccaef11495ccbb346ae7e4a968.jpeg\"\/><\/p>\n<p>The vulnerability in question allows <strong>unauthenticated<\/strong> attackers to wipe the entire database of a targeted website and reset it to its default state. Hackers are then automatically logged in <strong>as administrator<\/strong> and can gain full control over the sites.<\/p>\n<p>The screenshot above shows that there is no authentication check; for unauthorized access, all that is needed is the do_reset_wordpress parameter on any WordPress <strong>&#39;admin&#39;<\/strong>-based URL, including \/wp-admin\/admin-ajax.php. According to <strong>WebARX<\/strong> researchers, the vulnerability is present in every version of the ThemeGrill Demo Importer plugin released in the last 3 years, from 1.3.4 through 1.6.1.<\/p>\n<p>After WebARX reported the vulnerability to the ThemeGrill developers, version 1.6.2 of the plugin was released on <strong>16 February<\/strong>. The WordPress admin panel automatically notifies administrators when an update for the plugin is available.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The &#39;ThemeGrill Demo Importer&#39; plugin, sold by ThemeGrill and bundled with its free and premium themes, has been found to contain a critical &#8230;<\/p>\n","protected":false},"author":1,"featured_media":17588,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[1059,3090],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/17587"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17587"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/17587\/revisions"}],"predecessor-version":[{"id":17589,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/17587\/revisions\/17589"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/17588"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}