Day: 20 febrero, 2020

https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/ Description: Improper Access Control to Privilege EscalationAffected Plugin: wpCentralAffected Versions: <= 1.5.0CVE ID: CVE-2020-9043CVSS Score: 8.8 (High)CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HPatched Version: 1.5.1 On February 13th, our Threat Intelligence team discovered a vulnerability in wpCentral, a WordPress plugin installed on over 60,000 sites. The flaw allowed More info: https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/

https://wpvulndb.com/vulnerabilities/10074 More info: https://wpvulndb.com/vulnerabilities/10074

https://wpvulndb.com/vulnerabilities/10075 More info: https://wpvulndb.com/vulnerabilities/10075

https://www.wordfence.com/blog/2020/02/zero-day-vulnerability-in-themerex-addons-plugin-exploited-in-the-wild/ Description: Remote Code ExecutionAffected Plugin: ThemeREX AddonsAffected Versions: Versions greater than 1.6.50CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPatched Version: Currently No Patch. Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated More info: https://www.wordfence.com/blog/2020/02/zero-day-vulnerability-in-themerex-addons-plugin-exploited-in-the-wild/

https://wpvulndb.com/vulnerabilities/10076 More info: https://wpvulndb.com/vulnerabilities/10076

Type: Vulnerability. Moodle is prone to a cross-site request-forgery vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111937&om_rssid=sr-advisories

https://wordpress.org/news/2020/02/wordpress-5-4-beta-2/WordPress 5.4 Beta 2 is now available! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test WordPress 5.4 beta 2 in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) Or download […] More info: https://wordpress.org/news/2020/02/wordpress-5-4-beta-2/

Type: Vulnerability. Redhat Ansible Engine is prone to an information-disclosure vulnerability. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111939&om_rssid=sr-advisories

Type: Vulnerability. ABB Asset Suite is prone to an access-bypass vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111938&om_rssid=sr-advisories

Type: Vulnerability. WebKitGTK and WPE WebKit are prone to multiple security vulnerabilities; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111940&om_rssid=sr-advisories