ND Booking <= 2.4 – Unauthenticated Options Change
More info:
https://wpvulndb.com/vulnerabilities/9494
Malicious Plugin Used to Encrypt WordPress Posts
http://feedproxy.google.com/~r/sucuri/blog/~3/KfFfwCGn5Tg/malicious-plugin-used-to-encrypt-wordpress-posts.html During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. The plugin encrypted posts with the ‘AES-256-CBC’ method by using the […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/KfFfwCGn5Tg/malicious-plugin-used-to-encrypt-wordpress-posts.html
Real Estate 7 <= 2.9.0 – Stored XSS & IDOR
More info:
https://wpvulndb.com/vulnerabilities/9492
Popup Builder <= 3.44 – SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9495
DSA-4491 proftpd-dfsg – security update
Tobias Maedel discovered that the mod_copy module of ProFTPD, aFTP/SFTP/FTPS server, performed incomplete permission validation forthe CPFR/CPTO commands.
More info:
https://www.debian.org/security/2019/dsa-4491
ND Donations <= 1.3 – Unauthenticated Options Change
More info:
https://wpvulndb.com/vulnerabilities/9493