ECPay Logistics for WooCommerce <= 1.2.181030 – Unauthenticated Reflected XSS
More info:
https://wpvulndb.com/vulnerabilities/9869
WordPress <= 5.2.2 – Cross-Site Scripting (XSS) in URL Sanitisation
https://wpvulndb.com/vulnerabilities/9867
More info:
https://wpvulndb.com/vulnerabilities/9867
QEMU vulnerability CVE-2019-14378
QEMU vulnerability CVE-2019-14378 Security Advisory Security Advisory Description ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles ...
More info:
https://support.f5.com/csp/article/K25423748
Episode 43: Wordfence Research on Malvertising Campaign Makes the News
https://www.wordfence.com/blog/2019/09/episode-43-wordfence-research-on-malvertising-campaign-makes-the-news/ This week, we chat about the plan for WordPress 5.3 and some of the new features we will see added to WordPress in November, including many improvements to the editor. We will also see a switch from robots.txt files to meta tags for better control over search engine indexing. We also cover the latest […]
More info:
https://www.wordfence.com/blog/2019/09/episode-43-wordfence-research-on-malvertising-campaign-makes-the-news/
The WordPress 5.2.3 Security Release Unpacked
https://www.wordfence.com/blog/2019/09/the-wordpress-5-2-3-security-release-unpacked/ WordPress core version 5.2.3 has just been released. This is a security release which contains several fixes. I’m going to detail each of them below and unpack what each fix means and add any additional info that may be relevant. Seven of the eight vulnerabilities fixed in this release are cross site scripting (XSS) vulnerabilities. […]
More info:
https://www.wordfence.com/blog/2019/09/the-wordpress-5-2-3-security-release-unpacked/
ECPay Logistics for WooCommerce <= 1.2.181030 – Unauthenticated Reflected XSS
https://wpvulndb.com/vulnerabilities/9869
More info:
https://wpvulndb.com/vulnerabilities/9869
My VMworld Experience as a VMware Intern
Takeaways from VMworld 2019 as an Intern VMworld 2019 has been marked on my calendar since the first day of my internship, and it certainly did not disappoint. As you have probably already heard, VMworld 2019 was a huge success! VMworld kicked off Sunday, August 25th as attendees registered and visited the Solutions Exchange to The post My VMworld Experience as a VMware Intern appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2019/09/my-vmworld-experience-as-a-vmware-intern.html
API Bearer Auth <= 20181229 – Unauthenticated Reflected XSS
https://wpvulndb.com/vulnerabilities/9868
More info:
https://wpvulndb.com/vulnerabilities/9868
Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
http://feedproxy.google.com/~r/sucuri/blog/~3/nKY8Utu9KJ0/throwback-threat-thursday-joomla-googlemaps-plugin-seo-spam-injection.html When our tools don’t automatically detect and clean malicious code, that’s when we start our investigation process—and the majority of these research findings end up on the blog or as a Labs note. However, other times we update our tools to automatically detect and remediate the malware, then stash the code sample in our […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/nKY8Utu9KJ0/throwback-threat-thursday-joomla-googlemaps-plugin-seo-spam-injection.html
Interview with Ivica Delic on WordPress professionals & security
https://www.wpwhitesecurity.com/interview-ivica-delic-wordpress-professionals-security/So far we have only interviewed people who understand and work in application and WordPress security. We have always heard the vendors’ voice. However, in this interview we took a different approach. We interviewed Ivica Delic, a WordPress professional about security. The scope of this interview is to better understand how WordPress professionals, to whom […]
More info:
https://www.wpwhitesecurity.com/interview-ivica-delic-wordpress-professionals-security/