{"id":52746,"date":"2017-10-06T13:46:16","date_gmt":"2017-10-06T05:46:16","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=52746"},"modified":"2017-10-06T15:22:45","modified_gmt":"2017-10-06T07:22:45","slug":"%e4%b8%80%e5%80%8b%e5%81%87%e5%a4%96%e6%8e%9b%e5%92%8c%e4%b8%89%e5%80%8b%e9%9b%b6%e6%99%82%e5%b7%ae%e6%bc%8f%e6%b4%9e%e9%8e%96%e5%ae%9awordpress","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=52746","title":{"rendered":"\u4e00\u500b\u5047\u5916\u639b\u548c\u4e09\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e\u9396\u5b9aWordPress"},"content":{"rendered":"<p><strong>\u5047\u5916\u639b\u7a0b\u5f0f\u6703\u5728\u6bcf\u6b21\u7ba1\u7406\u54e1\u555f\u7528\u6642\u901a\u77e5\u653b\u64ca\u8005<\/strong><\/p>\n<p>\u71b1\u9580\u7684\u90e8\u843d\u683c\u5e73\u53f0WordPress\u6700\u8fd1\u51fa\u73fe\u5f8c\u9580\u548c<a href=\"https:\/\/blog.sucuri.net\/2017\/09\/fake-plugins-fake-security.html\">\u5047Wordpress\u5916\u639b\u7a0b\u5f0f<\/a>\uff0c\u8a72\u5f8c\u9580\u7a0b\u5f0f\u507d\u88dd\u6210\u4e00\u500b\u8d85\u904e100,000\u6b21\u7684\u5b89\u88dd\u7684\u9632\u5783\u573e\u8a0a\u606f\u5de5\u5177:<a href=\"https:\/\/wordpress.org\/plugins\/wp-spamshield\/\">WP-SpamShield Anti-Spam<\/a>;\u5192\u724c\u5916\u639b\u5247\u593e\u5e36<a href=\"https:\/\/www.wordfence.com\/blog\/2017\/10\/3-zero-day-plugin-vulnerabilities-exploited-wild\/\">\u4e09\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/shutterstock_107248619.jpg\" \/><\/p>\n<p>\u6a19\u8a18\u70baX-WP-SPAM-SHIELD-PRO\u7684\u5f8c\u9580\u7a0b\u5f0f<a href=\"https:\/\/www.securityweek.com\/backdoor-masquerades-popular-wordpress-plugin\">\u64da\u5831<\/a>\u6703\u505c\u7528\u5176\u4ed6\u5b89\u5168\u76f8\u95dc\u5de5\u5177\u3001\u7aca\u53d6\u8cc7\u6599\u4e26\u52a0\u5165\u96b1\u85cf\u7684\u7ba1\u7406\u54e1\u5e33\u865f\u3002\u5b89\u5168\u7814\u7a76\u4eba\u54e1<a href=\"https:\/\/blog.sucuri.net\/2017\/09\/fake-plugins-fake-security.html\">\u767c\u73fe<\/a>\u5047\u5916\u639b\u7a0b\u5f0f\u6709\u770b\u4f3c\u6b63\u5e38\u7684\u7d50\u69cb\u548c\u6a94\u6848\u540d\u7a31\uff0c\u4f46\u5b83\u5011\u5176\u5be6\u90fd\u662f\u5047\u7684\u3002\u6b64\u5916\uff0c\u5f8c\u9580\u7a0b\u5f0f\u53ef\u4ee5\u8b93\u653b\u64ca\u8005\u4e0a\u50b3\u4efb\u4f55\u6771\u897f\u5230\u7db2\u7ad9\u4e0a\u3002<\/p>\n<p>\u5047\u5916\u639b\u7a0b\u5f0f\u6703\u5728\u6bcf\u6b21\u7ba1\u7406\u54e1\u555f\u7528\u6642\u901a\u77e5\u653b\u64ca\u8005\u3002\u5916\u639b\u7a0b\u5f0f\u4e2d\u6709\u4e00\u500b\u6a94\u6848\u540d\u70ba\u201cclass-social-facebook.php\u201d\uff0c\u770b\u8d77\u4f86\u4f3c\u4e4e\u662f\u7528\u4f86\u5c01\u9396\u53ef\u80fd\u7684Facebook\u5783\u573e\u8a0a\u606f\u3002\u4f46\u9032\u4e8b\u5be6\u5b83\u6703\u505c\u7528\u555f\u7528\u4e2d\u5916\u639b,\u5c0e\u81f4\u7db2\u7ad9\u7121\u6cd5\u6b63\u5e38\u4f7f\u7528\u3002\u53e6\u5916\u5169\u500b\u540d\u70ba\u201cclass-term-metabox-formatter.php\u201d\u548c\u201cclass-admin-user-profile.php\u201d\u5247\u88ab\u653b\u64ca\u8005\u7528\u4f86\u6536\u96c6\u8cc7\u6599\u3002<\/p>\n<p>\u9084\u6709\u4e00\u500b\u540d\u70ba\u201cplugin-header.php\u201d\u7684\u6a94\u6848\u5247\u6703\u65b0\u589e\u4e00\u500b\u7ba1\u7406\u54e1\u5e33\u865f\uff0c\u9019\u53ef\u4ee5\u8b93\u653b\u64ca\u8005\u522a\u9664\u6f0f\u6d1e\u653b\u64ca\u6a94\u6848\uff0c\u540c\u6642\u9084\u6703\u986f\u793a\u76ee\u6a19\u653b\u64ca\u7db2\u7ad9\u7684\u4f7f\u7528\u8005\u540d\u7a31\u3001\u5bc6\u78bc\u548c\u96fb\u5b50\u90f5\u4ef6\u3002<\/p>\n<p><!--more--><\/p>\n<p><strong>\u96f6\u6642\u5dee\u6f0f\u6d1e<\/strong><\/p>\n<p>\u540c\u6642\uff0c\u4f7f\u7528\u67d0\u4e9b\u5916\u639b\u7a0b\u5f0f\u7684\u7db2\u7ad9\u53ef\u80fd\u6210\u70ba\u53d7\u5bb3\u8005\uff0c\u56e0\u70ba\u5728\u4e00\u4e9bWordPress\u5916\u639b\u4e2d\u767c\u73fe\u96f6\u6642\u5dee\u6f0f\u6d1e\uff1aAppointments\uff0cRegistrationMagic-Custom Registration Forms\u548cFlickr Gallery\u3002<\/p>\n<p>\u88ab\u7a31\u70baPHP Object Injection Vulnerability Security 9.8\u7684\u6f0f\u6d1e\u53ef\u4ee5\u8b93\u653b\u64ca\u8005\u64cd\u7e31\u7db2\u7ad9\u4f86\u53d6\u5f97\u9060\u7aef\u6a94\u6848\uff08\u4e00\u500bPHP\u5f8c\u9580\u7a0b\u5f0f\uff09\u4e26\u5c07\u5176\u5132\u5b58\u5230\u60f3\u8981\u7684\u4f4d\u7f6e\u3002\u9019\u505a\u6cd5\u4e0d\u9700\u8981\u8eab\u4efd\u9a57\u8b49\u6216\u63d0\u5347\u6b0a\u9650\u3002\u5c0d\u65bc\u904b\u884cFlickr Gallery\u7684\u7db2\u7ad9\uff0c\u53ea\u9700\u8981\u5c07\u6f0f\u6d1e\u653b\u64ca\u78bc\u7528POST\u8acb\u6c42\u767c\u9001\u5230\u7db2\u7ad9\u6839\u7db2\u5740\u5c31\u53ef\u4ee5\u5b8c\u6210\u5de5\u4f5c\u3002\u81f3\u65bcAppointments\u548cRegistrationMagic-Custom Registration\uff0c\u8acb\u6c42\u8981\u767c\u9001\u5230admin-ajax.php\u3002\u5982\u679c\u653b\u64ca\u8005\u53ef\u4ee5\u9023\u5230\u5916\u639b\u7a0b\u5f0f\u7684\u5f8c\u9580\u5c31\u53ef\u4ee5\u63a7\u5236\u9019\u6709\u6f0f\u6d1e\u7684\u7db2\u7ad9\u3002<\/p>\n<p><strong>\u89e3\u6c7a\u65b9\u6848<\/strong><\/p>\n<p>\u767c\u73fe\u7684\u6f0f\u6d1e\u5df2\u7d93\u4e0b\u5217\u7248\u672c<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/three-wordpress-plugin-zero-days-exploited-in-the-wild\/\">\u4fee\u88dc<\/a>\uff1a<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/appointments\/\">Appointments<\/a> by WPMU Dev \uff08\u57282.2\u4fee\u5fa9\uff09<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/flickr-gallery\/\">Flickr Gallery<\/a> by Dan Coulter \uff08\u57285.3\u4fee\u5fa9\uff09<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/custom-registration-form-builder-with-submission-manager\/\">RegistrationMagic-Custom Registration Forms<\/a> by CMSHelpLive \uff08\u57287.9.3\u4fee\u5fa9\uff09<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>IT\u5c08\u696d\u4eba\u54e1\u548cWeb\u958b\u767c\u4eba\u54e1\/\u7a0b\u5f0f\u958b\u767c\u8005\u53ef\u4ee5\u900f\u904e\u4ee5\u4e0b\u6700\u4f73\u5be6\u4f5c\u4f86\u6e1b\u5c11\u7db2\u9801\u5e73\u53f0\uff08\u5982WordPress\uff09\u53ef\u80fd\u9762\u5c0d\u7684\u5a01\u8105\uff1a<\/p>\n<ul>\n<li>Web\u958b\u767c\u4eba\u54e1\u5fc5\u9808\u5047\u8a2d\u6240\u6709\u4f7f\u7528\u8005\u7522\u751f\u7684\u8f38\u5165\u90fd\u662f\u60e1\u610f\u7684\u3002\u52a0\u4ee5\u9a57\u8b49\u548c\u6d88\u6bd2\u662f\u5fc5\u9808\u7684\u3002\u767d\u540d\u55ae\uff08 \u62d2\u7d55\u767d\u540d\u55ae\u5916\u7684\u6240\u6709\u8f38\u5165\uff09\u662f\u53ef\u4ee5\u5b89\u5168\u8655\u7406\u8f38\u5165\u7684\u65b9\u5f0f\u4e4b\u4e00\u3002<\/li>\n<li>\u56b4\u683c\u9a57\u8b49CSS\u5c6c\u6027\u3001HTML\u5c6c\u6027\u548cXML\u89e3\u6790\u5668\u5167\u4e0d\u53d7\u4fe1\u4efb\u7684\u8cc7\u6599\uff08\u540c\u6642\u7dad\u6301\u7db2\u7ad9\/\u61c9\u7528\u7a0b\u5f0f\u5916\u89c0\uff09\uff0c\u9019\u5c0d\u5f37\u5316\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\/\u7db2\u9801\u4f86\u5c0d\u6297\u5165\u4fb5\u662f\u5fc5\u8981\u7684\u3002<\/li>\n<li>\u5fc5\u9808\u5b9a\u671f\u5b89\u88dd\u66f4\u65b0\u548c\u4fee\u88dc\u7a0b\u5f0f\u4f86\u9632\u6b62\u7cfb\u7d71\u548c\u8edf\u9ad4\u6f0f\u6d1e\u88ab\u653b\u64ca\u3002<\/li>\n<li>\u505c\u7528\u5916\u90e8\u89e3\u6790\u4e5f\u6709\u52a9\u65bc\u6e1b\u8f15\u57fa\u65bcXXE\u7684\u963b\u65b7\u670d\u52d9\u653b\u64ca\u3002<\/li>\n<li>\u958b\u767c\u4eba\u54e1\u61c9\u505c\u7528\u7db2\u7ad9\u3001\u8cc7\u6599\u5eab\u6216\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\u904b\u4f5c\u6240\u7528\u4e0d\u5230\u7684\u5143\u4ef6\u3002\u9019\u4e9b\u53ea\u6703\u589e\u52a0\u4f60\u7684\u53d7\u653b\u64ca\u9762\u3002<\/li>\n<li>\u4f7f\u7528\u9632\u706b\u7246\u3001\u5165\u4fb5\u5075\u6e2c\u548c\u9632\u79a6\u7cfb\u7d71\u3001<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/virtual-patching-in-mixed-environments-how-it-protects-you\/\">\u865b\u64ec\u4fee\u88dc<\/a>\u548c\u7db2\u5740\u5206\u985e\u4ee5\u53ca\u5f37\u5236\u6027\u4fee\u88dc\u7a0b\u5f0f\u7ba1\u7406\u653f\u7b56\u7b49\u505a\u6cd5\u53ef\u4ee5\u986f\u8457\u5730\u964d\u4f4e\u7cfb\u7d71\u53d7\u653b\u64ca\u9762\u3002<\/li>\n<li>IT\u5c08\u696d\u4eba\u54e1\u61c9\u5f37\u5236\u57f7\u884c\u6b0a\u9650\u7ba1\u7406\u653f\u7b56\u4ee5\u6e1b\u5c11\u9700\u8981\u7ba1\u7406\u6b0a\u9650\u624d\u80fd\u9032\u884c\u7684\u653b\u64ca\u3002\u958b\u767c\u4eba\u54e1\u4e5f\u540c\u6a23\u53ef\u4ee5\u9650\u5236\u7db2\u7ad9\/\u61c9\u7528\u7a0b\u5f0f\u5167\u7684\u4f7f\u7528\u8005\u6b0a\u9650\uff0c\u4e26\u4e14\u52a0\u5bc6\u6216\u6563\u5217\u767b\u5165\u6191\u8b49\u548c\u5176\u4ed6\u654f\u611f\u8cc7\u6599\uff08\u50cf\u662f\u9023\u7dda\u5b57\u4e32\uff09\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\u8da8\u52e2\u79d1\u6280\u7684\u7aef\u9ede\u89e3\u6c7a\u65b9\u6848\uff08\u5982\u8da8\u52e2\u79d1\u6280<a href=\"https:\/\/www.trendmicro.tw\/tw\/business\/complete-software-protection\/index.html\">\u8da8\u52e2\u79d1\u6280 Smart Protection Suites<\/a>\u00a0\u548c<a href=\"https:\/\/t.rend.tw\/?i=NDI1OA==\">Worry-Free Pro<\/a>\uff09\u53ef\u4ee5\u5075\u6e2c\u548c\u5c01\u9396\u60e1\u610f\u6a94\u6848\u53ca\u6240\u6709\u76f8\u95dc\u60e1\u610f\u7db2\u5740\u4f86\u4fdd\u8b77\u7d42\u7aef\u7528\u6236\u548c\u4f01\u696d\u514d\u65bc\u9019\u4e9b\u5a01\u8105\u3002<\/p>\n<p>\u8da8\u52e2\u79d1\u6280\u7684<a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">\u8da8\u52e2\u79d1\u6280Deep Security<\/a>\u548c<a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/product-security\/vulnerability-protection\/\">\u8da8\u52e2\u79d1\u6280 Vulnerability Protection \u6f0f\u6d1e\u9632\u8b77<\/a>\u63d0\u4f9b<a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/product-security\/vulnerability-protection\/\">\u865b\u64ec\u4fee\u88dc<\/a>\u529f\u80fd\u4f86\u4fdd\u8b77\u4f3a\u670d\u5668\u548c\u7aef\u9ede\u514d\u65bc\u91dd\u5c0dWordPress\u5916\u639b\u6f0f\u6d1e\u7684\u5a01\u8105\u3002<a href=\"https:\/\/t.rend.tw\/?i=Mzk3OQ==\">\u8da8\u52e2\u79d1\u6280 OfficeScan<\/a>\u2122\u7684Vulnerability Protection\u53ef\u4ee5\u4fdd\u8b77\u7aef\u9ede\u5c0d\u6297\u53ef\u8b58\u5225\u53ca\u672a\u77e5\u7684\u6f0f\u6d1e\u653b\u64ca\uff0c\u751a\u81f3\u5728\u4fee\u88dc\u7a0b\u5f0f\u90e8\u7f72\u4e4b\u524d\u3002\u8da8\u52e2\u79d1\u6280\u7684<a href=\"https:\/\/t.rend.tw\/?i=NDIwMw==\">\u8da8\u52e2\u79d1\u6280Deep Discovery\u9032\u968e\u7db2\u8def\u5b89\u5168\u9632\u8b77<\/a>\u5229\u7528\u7279\u88fd\u5f15\u64ce\u3001\u5ba2\u88fd\u5316<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/deploying-a-smart-sandbox-for-unknown-threats-and-zero-day-attacks\/\">\u6c99\u7bb1<\/a>\u548c\u6a6b\u8de8\u6574\u500b\u653b\u64ca\u751f\u547d\u9031\u671f\u7684\u7121\u7e2b\u95dc\u806f\u6280\u8853\u4f86\u5c0d\u6f0f\u6d1e\u653b\u64ca\u9032\u884c\u5075\u6e2c\u3001\u6df1\u5165\u5206\u6790\u548c\u4e3b\u52d5\u5f0f\u56de\u61c9\uff0c\u751a\u81f3\u7121\u9808\u66f4\u65b0\u5f15\u64ce\u6216\u7279\u5fb5\u78bc\u5c31\u53ef\u4ee5\u5075\u6e2c\u5230\u5a01\u8105\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/wordpress-woes-a-fake-plugin-and-three-zero-day-vulnerabilities-found\">WordPress Woes: A Fake Plugin and Three Zero-Day Vulnerabilities Found<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5047\u5916\u639b\u7a0b\u5f0f\u6703\u5728\u6bcf\u6b21\u7ba1\u7406\u54e1\u555f\u7528\u6642\u901a\u77e5\u653b\u64ca\u8005 \u71b1\u9580\u7684\u90e8\u843d\u683c\u5e73\u53f0WordPress\u6700\u8fd1\u51fa\u73fe\u5f8c\u9580\u548c\u5047Wordpress [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[156],"tags":[344,452,808],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/52746"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52746"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/52746\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}