Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users […]
More info:
https://www.wordfence.com/blog/2019/03/hackers-abusing-recently-patched-vulnerability-in-easy-wp-smtp-plugin/
The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version 1.3.9, has been seen exploited in […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/-B2vzWRdr44/0day-vulnerability-in-easy-wp-smtp-affects-thousands-of-sites.html
It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.
More info:
https://www.debian.org/security/2019/dsa-4412
A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
More info:
https://www.debian.org/security/2019/dsa-4413
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
More info:
https://www.debian.org/security/2019/dsa-4411
A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.
More info:
https://www.debian.org/security/2019/dsa-4410
A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the site. A patch has been released […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/LIKIlIMIgq0/zero-day-stored-xss-in-social-warfare.html