Simple File List Plugin <= 3.2.4 – Unauthenticated Arbitrary File Download
More info:
https://wpvulndb.com/vulnerabilities/9287
Return to the City of Cron – Malware Infections on Joomla and WordPress
http://feedproxy.google.com/~r/sucuri/blog/~3/d8JMQVX8MLw/return-to-the-city-of-cron-malware-infections-on-joomla-and-wordpress.html We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/d8JMQVX8MLw/return-to-the-city-of-cron-malware-infections-on-joomla-and-wordpress.html
Hostel Plugin <= 1.1.3 – Unauthenticated Stored XSS
https://wpvulndb.com/vulnerabilities/9289
More info:
https://wpvulndb.com/vulnerabilities/9289
OS Command Injection Vulnerability Patched In WP Database Backup Plugin
https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/ Toward the end of April, an unnamed security researcher published details of an unpatched vulnerability in WP Database Backup, a WordPress plugin with over 70,000 users. The vulnerability, which was irresponsibly disclosed to the public before attempting to notify the plugin’s developers, was reported as a plugin configuration change flaw. A proof of concept […]
More info:
https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/
indeed-membership-pro (Ultimate Membership Pro) <=7.5 arbitrary media upload
https://wpvulndb.com/vulnerabilities/9293
More info:
https://wpvulndb.com/vulnerabilities/9293
Carts Guru – Unauthenticated Object Injection
https://wpvulndb.com/vulnerabilities/9292
More info:
https://wpvulndb.com/vulnerabilities/9292
Event Management Tickets Booking By Event Monster <= 1.0.5 – Stored XSS
https://wpvulndb.com/vulnerabilities/9290
More info:
https://wpvulndb.com/vulnerabilities/9290
Simple File List Plugin <= 3.2.4 – Authenticated Arbitrary File Delete
https://wpvulndb.com/vulnerabilities/9288
More info:
https://wpvulndb.com/vulnerabilities/9288
Simple File List Plugin <= 3.2.4 – Unauthenticated Arbitrary File Download
https://wpvulndb.com/vulnerabilities/9287
More info:
https://wpvulndb.com/vulnerabilities/9287
Privilege Escalation Flaw Present In Slick Popup Plugin
https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/ In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, […]
More info:
https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/