
The WordPress community is once again raising alarms because two vulnerabilities in widely used plugins could put the security of thousands of websites at risk. One of the vulnerabilities affects the Anti-Malware Security and Brute-Force Firewall plugin; the other, the popular King Addons package for Elementor.
For both of these flaws, updates are now available, and experts recommend installing them without delay. The impact varies from plugin to plugin, but they share a common denominator: attackers can gain unauthorized access to server resources or take control of the site if the patches are not applied.
Anti-Malware Security and Brute-Force Firewall: File Read (CVE-2025-11705)
The Anti-Malware Security plugin, with more than 100,000 installations, has a vulnerability tracked as CVE-2025-11705 that allows an authenticated user, even one with a subscriber profile, to read files on the server. The root of the problem lies in the internal function GOTMLS_ajax_scan(), which lacked an adequate capability check when processing AJAX requests.
The vulnerability was identified by researcher Dmitry Ignatyev and reported to Wordfence Threat Intelligence. Because of how the token (nonce) was handled and the absence of a permission check, any account with valid login credentials could request a scan and access sensitive content.
Among the most attractive targets is wp-config.php, the file that stores the database credentials and authentication keys. With this information, an attacker could proceed to actions such as exfiltrating data, tampering with content, or attempting further movement within the same infrastructure.
The plugin's developer, known as Eli, released the fixed version 4.23.83, adding the function GOTMLS_kill_invalid_user() to verify capabilities before processing requests. Wordfence indicated that, for now, no active exploitation has been observed; however, publication of the advisory increases the risk of exploitation if the update is not applied.
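The defect described above is the classic confusion between a nonce (which only proves a request came from a form the user loaded) and an authorization check. The following is an added illustration of that pattern in a generic WordPress AJAX handler; it is not the plugin's code, and the action name example_scan, the nonce name, the capability manage_options and the path parameter are assumptions for the example.

```php
<?php
/**
 * Added example (not the plugin's own code): a "nonce-only" AJAX handler next to
 * a hardened one. Assumes it runs inside a WordPress plugin; the action name
 * "example_scan", the nonce "example_scan_nonce" and the "path" field are assumed.
 */

// Weak pattern: the nonce stops CSRF, but any logged-in account that can obtain
// the nonce (a subscriber included) passes this check. Nothing here asks
// whether the user is *allowed* to trigger a scan that reads server files.
function example_scan_weak() {
    check_ajax_referer( 'example_scan_nonce', 'nonce' );
    $path = isset( $_POST['path'] ) ? sanitize_text_field( wp_unslash( $_POST['path'] ) ) : '';
    wp_send_json_success( array( 'requested' => $path ) );
}

// Hardened pattern: nonce (CSRF) + capability (authorization) + path confinement.
function example_scan_hardened() {
    check_ajax_referer( 'example_scan_nonce', 'nonce' );

    // Authorization: only administrators may trigger a scan. wp_send_json_error()
    // terminates the request, so nothing below runs for unauthorized callers.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $path = isset( $_POST['path'] ) ? sanitize_text_field( wp_unslash( $_POST['path'] ) ) : '';

    // Confine any file access to the site root; realpath() collapses "../" sequences
    // and symlinks before the prefix comparison is made.
    $base = realpath( ABSPATH );
    $real = realpath( $base . '/' . ltrim( $path, '/' ) );
    if ( false === $real || 0 !== strpos( $real, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( array( 'message' => 'Path outside site root.' ), 400 );
    }

    // Never hand back the contents of wp-config.php, even to an administrator.
    if ( 'wp-config.php' === basename( $real ) ) {
        wp_send_json_error( array( 'message' => 'Refused.' ), 403 );
    }

    wp_send_json_success( array( 'scanned' => substr( $real, strlen( $base ) ) ) );
}

// Only the hardened handler is registered. "wp_ajax_*" hooks are reachable by every
// logged-in user regardless of role, so the capability check inside the handler is
// the real gate; no "wp_ajax_nopriv_*" hook is added, so anonymous users get nothing.
add_action( 'wp_ajax_example_scan', 'example_scan_hardened' );
```

The point for reviewers of any plugin: check_ajax_referer() answers "did this request come from my page?", while current_user_can() answers "may this user do this?". An endpoint that reads or writes server state needs both, and the capability should be the narrowest one that fits the action.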
- October 14: notification to the developer by the WordPress.org security team.
- October 15: release of version 4.23.83 with improved capability checks.
- Patch downloads: approximately 50,000 installations updated; a similar number may remain exposed if the fix is not applied.
The attack vector is especially relevant for sites with user registration enabled (forums, membership sites, newsletters, etc.), where the barrier to creating a low-privilege account is very low.
King Addons for Elementor: File Upload and Privilege Escalation
The commercial add-on King Addons, which extends Elementor with widgets and templates, presents two critical flaws documented by Patchstack: an arbitrary file upload without authentication (CVE-2025-6327, severity 10/10) and privilege escalation through the registration endpoint (CVE-2025-6325, severity 9.8/10).
According to the advisory, both vulnerabilities are easily exploitable in default configurations and could lead to complete site takeover or data theft. The vendor published version 51.1.37, which introduces an allowlist of permitted roles, input sanitization, and an upload handler that requires the proper permissions and strictly validates the file type.
With more than 10,000 active installations, King Addons is used to speed up page building. That is precisely why applying the patch as soon as possible is key to preventing malicious actors from uploading dangerous files or escalating privileges to accounts with more permissions than they should have.
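The fix described for King Addons combines three controls: a role allowlist, proper permissions, and strict file-type validation. The following is an added example of what such an upload handler looks like in WordPress; it is not King Addons' code, and the action name example_upload, the form field file, the nonce name and the role and type allowlists are assumptions for the example.

```php
<?php
/**
 * Added example (not King Addons' code): a hardened AJAX upload handler for a
 * WordPress add-on. Assumed for illustration: the action "example_upload", the
 * form field "file", the nonce "example_upload_nonce" and the allowlists below.
 */

// Roles allowed to use this endpoint; "subscriber" is deliberately absent.
const EXAMPLE_UPLOAD_ALLOWED_ROLES = array( 'administrator', 'editor' );

// Extension => MIME pairs that are accepted; executable types are never listed.
const EXAMPLE_UPLOAD_ALLOWED_TYPES = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'pdf'      => 'application/pdf',
);

// True when the user holds at least one allowlisted role.
function example_user_has_allowed_role( WP_User $user ) {
    return (bool) array_intersect( EXAMPLE_UPLOAD_ALLOWED_ROLES, (array) $user->roles );
}

function example_upload_hardened() {
    // 1. Authentication. No "wp_ajax_nopriv_" hook is registered, so anonymous
    //    requests never reach this function; the explicit check documents intent.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Login required.' ), 401 );
    }

    // 2. CSRF: the nonce ties the request to a form this user loaded.
    check_ajax_referer( 'example_upload_nonce', 'nonce' );

    // 3. Authorization: a core capability AND the role allowlist.
    if ( ! current_user_can( 'upload_files' )
        || ! example_user_has_allowed_role( wp_get_current_user() ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( array( 'message' => 'No file received.' ), 400 );
    }

    // 4. File type: validate the extension and, for images, the actual bytes
    //    against the allowlist. A renamed .php file fails here.
    $name  = sanitize_file_name( $_FILES['file']['name'] );
    $check = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $name, EXAMPLE_UPLOAD_ALLOWED_TYPES );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'message' => 'File type not allowed.' ), 415 );
    }

    // 5. Hand off to core, which stores the file under wp-content/uploads with a
    //    sanitized, de-duplicated name and applies the same MIME allowlist again.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array( 'test_form' => false, 'mimes' => EXAMPLE_UPLOAD_ALLOWED_TYPES )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}

add_action( 'wp_ajax_example_upload', 'example_upload_hardened' );
```

Passing the allowlist to both wp_check_filetype_and_ext() and wp_handle_upload() means the server-side type decision does not depend on the client-supplied name or Content-Type, which is the property the advisory's "strictly validates the file type" refers to.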
What could an attacker obtain if you don't update?
With the flaws described, an adversary could chain steps ranging from silently reading information all the way to controlling the site. Access to configuration files, user uploads, the database, or the directory tree opens up a range of possibilities:
- Steal password hashes and run brute-force attacks against them offline.
- Exfiltrate personal data (emails, profiles), with possible privacy implications.
- Modify content or inject code to distribute malware or unwanted software.
- Plant backdoors to persist even after a partial cleanup.
- Move laterally on shared hosting to other sites on the same server.
Impact and obligations in Spain and across the EU
For administrators based in Spain or the European Union, a breach of personal data may trigger obligations under the GDPR (RGPD), including impact assessments and, where appropriate, notifications to the authorities and to users. Internal policies and activity logs should be reviewed if unauthorized access is suspected, and confirm whether your site is self-hosted (WordPress.org) or hosted on WordPress.com.
Without being alarmist, but prudently, it makes sense to prioritize sites with account registration or private areas, since the authentication requirement of the Anti-Malware flaw is met by the basic profiles that many portals hand out.
Recommended actions for administrators
First, update Anti-Malware to 4.23.83 and King Addons to 51.1.37. This step cuts off the known vectors at the root and immediately reduces the attack surface.
- Revoke sessions and tokens after patching, especially on sites with open registration.
- Review access logs and file uploads, looking for unusual activity.
- Tighten user permissions and disable registration if it is not essential.
- Restrict execution in upload directories and validate MIME types on the server side.
- Keep an incident response plan that is tested and up to date.
In addition, evaluate monitoring solutions (WAF, blocklists, real-time alerts) and least-privilege policies for administrative accounts and external services.
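The steps above (confirm the fixed versions, revoke sessions, close registration, look at uploads) can be scripted against the WordPress API. The following is an added example, not vendor code, intended to be run once in a WordPress context (for instance with `wp eval-file`); the plugin main-file paths are placeholders to be replaced with the real ones from wp-content/plugins on your install, and the list of executable extensions is an assumption.

```php
<?php
/**
 * Added example (not vendor code): post-patch checks for the two advisories.
 * Run inside WordPress, e.g. `wp eval-file post-patch-check.php`.
 * PLACEHOLDER paths must be replaced with the real plugin main files.
 */

require_once ABSPATH . 'wp-admin/includes/plugin.php';

// Minimum fixed versions named in the advisories, keyed by plugin main file.
const EXAMPLE_FIXED_VERSIONS = array(
    'PLACEHOLDER-anti-malware-dir/PLACEHOLDER-main-file.php' => '4.23.83',
    'PLACEHOLDER-king-addons-dir/PLACEHOLDER-main-file.php'  => '51.1.37',
);

// Extensions that should never appear under wp-content/uploads (assumed list).
const EXAMPLE_EXECUTABLE_EXTENSIONS = array( 'php', 'php5', 'php7', 'phtml', 'phar' );

// Compare installed plugin versions with the fixed ones; returns human-readable findings.
function example_check_plugin_versions( array $fixed ) {
    $findings = array();
    foreach ( $fixed as $plugin_file => $min_version ) {
        $full_path = WP_PLUGIN_DIR . '/' . $plugin_file;
        if ( ! file_exists( $full_path ) ) {
            continue; // plugin not installed: nothing to patch
        }
        $data = get_plugin_data( $full_path, false, false );
        if ( version_compare( $data['Version'], $min_version, '<' ) ) {
            $findings[] = sprintf( 'OUTDATED: %s %s (fixed in %s)', $data['Name'], $data['Version'], $min_version );
        }
    }
    return $findings;
}

// Walk the uploads directory and report files with an executable extension.
function example_find_unexpected_uploads() {
    $base  = wp_upload_dir()['basedir'];
    $found = array();
    $iter  = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $base, FilesystemIterator::SKIP_DOTS ) );
    foreach ( $iter as $file ) {
        $ext = strtolower( pathinfo( $file->getFilename(), PATHINFO_EXTENSION ) );
        if ( in_array( $ext, EXAMPLE_EXECUTABLE_EXTENSIONS, true ) ) {
            $found[] = $file->getPathname();
        }
    }
    return $found;
}

// Invalidate every session so tokens issued before the patch stop working.
function example_revoke_all_sessions() {
    WP_Session_Tokens::destroy_all_for_all_users();
}

// Close open registration; returns the role new accounts would have received.
function example_disable_registration() {
    update_option( 'users_can_register', 0 );
    return get_option( 'default_role' );
}

foreach ( example_check_plugin_versions( EXAMPLE_FIXED_VERSIONS ) as $line ) {
    echo $line, PHP_EOL;
}
foreach ( example_find_unexpected_uploads() as $path ) {
    echo 'REVIEW: executable file under uploads: ', $path, PHP_EOL;
}
// Run the two actions below only after the OUTDATED list above is empty:
// example_revoke_all_sessions();
// example_disable_registration();
```

Session revocation is deliberately left as a manual call: doing it before the patched versions are in place only logs everyone out without closing the hole. The upload scan is a triage aid, not proof of compromise; any hit should be compared with the access logs for the same path.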
The overall picture is clear: with the patches available, the best defense is to update now. Acting promptly, reviewing the logs, and tightening controls can make the difference between a scare and a serious incident.