OS Command Injection Vulnerability Patched In WP Database Backup Plugin

https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/ Toward the end of April, an unnamed security researcher published details of an unpatched vulnerability in WP Database Backup, a WordPress plugin with over 70,000 users. The vulnerability, which was irresponsibly disclosed to the public before attempting to notify the plugin’s developers, was reported as a plugin configuration change flaw. A proof of concept […] More info: https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/

Privilege Escalation Flaw Present In Slick Popup Plugin

https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/ In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, […] More info: https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/

Podcast Episode 17: 3 Severe WordPress Plugin Vulnerabilities

https://www.wordfence.com/blog/2019/05/podcast-episode-17-3-severe-wordpress-plugin-vulnerabilities/ Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, […] More info: https://www.wordfence.com/blog/2019/05/podcast-episode-17-3-severe-wordpress-plugin-vulnerabilities/

Critical Vulnerability Patched in Popular Convert Plus Plugin

https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/
Description: Unauthenticated Administrator Creation
CVSS v3.0 Score: 10.0 (Critical)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Plugin: Convert Plus
Plugin Slug: convertplug
Affected Versions: <= 3.4.2
Patched Version: 3.4.3
On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an More info: https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/

Return to the City of Cron – Malware Infections on Joomla and WordPress

http://feedproxy.google.com/~r/sucuri/blog/~3/d8JMQVX8MLw/return-to-the-city-of-cron-malware-infections-on-joomla-and-wordpress.html We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/d8JMQVX8MLw/return-to-the-city-of-cron-malware-infections-on-joomla-and-wordpress.html