Podcast Episode 17: 3 Severe WordPress Plugin Vulnerabilities

https://www.wordfence.com/blog/2019/05/podcast-episode-17-3-severe-wordpress-plugin-vulnerabilities/ Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, […] More info: https://www.wordfence.com/blog/2019/05/podcast-episode-17-3-severe-wordpress-plugin-vulnerabilities/

Critical Vulnerability Patched in Popular Convert Plus Plugin

https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/

Description: Unauthenticated Administrator Creation
CVSS v3.0 Score: 10.0 (Critical)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Plugin: Convert Plus
Plugin Slug: convertplug
Affected Versions: <= 3.4.2
Patched Version: 3.4.3

On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an
More info: https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/

OS Command Injection Vulnerability Patched In WP Database Backup Plugin

https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/ Toward the end of April, an unnamed security researcher published details of an unpatched vulnerability in WP Database Backup, a WordPress plugin with over 70,000 users. The vulnerability, which was irresponsibly disclosed to the public before attempting to notify the plugin’s developers, was reported as a plugin configuration change flaw. A proof of concept […] More info: https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/

Privilege Escalation Flaw Present In Slick Popup Plugin

https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/ In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, […] More info: https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/