WPS Bidouille v1.12.2 Multiples Vulnerabilities

https://secupress.me/blog/wps-bidouille-v1-12-2-multiples-vulnerabilities/ WPS Limit Login is published by WP Serveur, a French WordPress host. Criticality level for this update is medium. CSRF #1 File: /classes/plugin.php Lines 355-358, function count_notif() Issue: lack of a nonce token, so this link can be given to a logged-in administrator or included in a hidden page submitted with the POST method: https://example.com/wp-admin/admin-ajax.php?action=count_notif with […] More info: https://secupress.me/blog/wps-bidouille-v1-12-2-multiples-vulnerabilities/

WPS Limit Login v1.4.5 Multiple Vulnerabilities

https://secupress.me/blog/wps-limit-login-v1-4-5-multiple-vulnerabilities/ WPS Limit Login is published by WP Serveur, a French WordPress host. Criticality level for this update is medium. Protection Bypass File: /classes/plugin.php Method: get_address() Issue: this method reads the variable HTTP_X_FORWARDED_FOR which is, as its name says, cross data with the browser (HTTP X (X = Cross)). It’s enough to […] More info: https://secupress.me/blog/wps-limit-login-v1-4-5-multiple-vulnerabilities/

Recent WordPress Vulnerabilities Targeted by Malvertising Campaign

https://www.wordfence.com/blog/2019/07/recent-wordpress-vulnerabilities-targeted-by-malvertising-campaign/ The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads. This type of campaign is far from novel, but these attacks drew our attention. By targeting a […] More info: https://www.wordfence.com/blog/2019/07/recent-wordpress-vulnerabilities-targeted-by-malvertising-campaign/

Website File Changes Monitor 1.2: New Scan Now button & improvements

https://www.wpwhitesecurity.com/wfcm-12-scan-now-button/ Update 1.2 of the Website File Changes Monitor plugin for WordPress is available for download. In this update we have: added a new Scan Now button to the main interface so you can launch instant file changes scans on your WordPress site with just a mouse click; introduced a new setting to enable debug logging […] More info: https://www.wpwhitesecurity.com/wfcm-12-scan-now-button/

WPS Hide Login v1.5.2.2 Multiples Vulnerabilities

https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ WPS Limit Login is published by WP Serveur, a French WordPress host. Criticality level for this update is low. Protection Bypass #1 File: /classes/plugins.php Line 427 Issue: if the URL contains “action=confirmaction”, that is enough to access the login page. Demo: https://example.com/wp-login.php?SECUPRESSaction=confirmaction Protection Bypass #2 File: /classes/plugins.php Lines 477-480 Issue: […] More info: https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/

WPS Cleaner v1.4.4 Multiples Vulnerabilities

https://secupress.me/blog/wps-cleaner-v1-4-4-multiples-vulnerabilities/ WPS Limit Login is published by WP Serveur, a French WordPress host. Criticality level for this update is high. Disclosure File: /classes/plugin.php Line 1070: $files = esc_attr( $_POST['files'] ); Issue: no control over the submitted IDs to make sure they are attached media, so the IDs can be changed to select any other (private […] More info: https://secupress.me/blog/wps-cleaner-v1-4-4-multiples-vulnerabilities/

Reset Email Account Passwords after Website Infection: Follow Up

http://feedproxy.google.com/~r/sucuri/blog/~3/DSHgli4gbJ0/reset-email-account-passwords-after-website-infection-follow-up.html In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information security threat landscape is always changing. Likewise, the tools used by bad actors are also evolving to evade detection by IDS/IPS and other similar services. cPanel Hosting Environment File […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/DSHgli4gbJ0/reset-email-account-passwords-after-website-infection-follow-up.html

BIND vulnerability CVE-2019-6471

https://support.f5.com/csp/article/K10092301 Security Advisory Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a ... More info: https://support.f5.com/csp/article/K10092301