Day: 7 marzo, 2020

https://ithemes.com/one-click-secure-site-wordpress-security-check/The latest version of iThemes Security Pro (6.4.2) & iThemes Security Free (7.6.1) includes a new “one-click” WordPress Security Check for your WordPress site. The Security Check feature is designed to help save you time and ensure your site is using the recommended security settings. Features/Settings Enabled by Security Check With just one click of […] More info: https://ithemes.com/one-click-secure-site-wordpress-security-check/

https://ithemes.com/combat-wordpress-brute-force-attacks-ithemes-brute-force-protection-network-free-ithemes-security/A new way to combat WordPress Brute Force Attacks just arrived with the new iThemes Brute Force Protection Network. This new brute force protection setting is available in the latest version of iThemes Security — free to download on the WordPress.org Plugin Directory. Understanding Brute Force Attacks Unlike hacks that focus on vulnerabilities in software, brute […] More info: https://ithemes.com/combat-wordpress-brute-force-attacks-ithemes-brute-force-protection-network-free-ithemes-security/

https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin/ WPForms Plugin version 1.5.8.2 and below were found to be vulnerable to authenticated stored XSS while I was auditing the plugin. WPForms version 1.5.9 with improved data sanitization was released on March 5, 2020. Summary WPForms is a popular WordPress … More info: https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin/

Apache Tomcat vulnerability CVE-2020-1935 Security Advisory Security Advisory Description In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used ... More info: https://support.f5.com/csp/article/K43709560?utm_source=f5support&utm_medium=RSS

https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ On February 24th, our Threat Intelligence team discovered several critical vulnerabilities in RegistrationMagic, a WordPress plugin installed on over 10,000 sites, including the vendor’s own site. These allowed an attacker with subscriber-level permissions to elevate their account’s privileges to those of an administrator and to export every form on the site, including all the More info: https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/

https://www.wpwhitesecurity.com/ppmwp-2-1/Password Policy Manager for WordPress 2.1 is out today! In this plugin update we added a new policy to disable dormant users, support for post login redirect plugins, and several other improvements. This post highlights all that is new and improved in the latest version of Password Policy Manager for WordPress. The dormant WordPress users […] More info: https://www.wpwhitesecurity.com/ppmwp-2-1/