QEMU vulnerabilities CVE-2020-10761, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, and CVE-2020-13754. Security Advisory Description: CVE-2020-10761: An assertion failure issue ...
More info:
https://support.f5.com/csp/article/K61547155?utm_source=f5support&utm_medium=RSS
On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites. This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, […]
More info:
https://www.wordfence.com/blog/2020/08/critical-vulnerability-exposes-over-700000-sites-using-divi-extra-and-divi-builder/
This monthly report is provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]
More info:
https://pagely.com/blog/wordpress-security-updates-july-2020/
On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors […]
More info:
https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/
The second release candidate for WordPress 5.5 is here! WordPress 5.5 is slated for release on August 11, 2020, but we need your help to get there—if you haven’t tried 5.5 yet, now is the time! You can test the WordPress 5.5 release candidate in two ways: try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option), or download the release […]
More info:
https://wordpress.org/news/2020/08/wordpress-5-5-release-candidate-2/
PCRE vulnerability CVE-2020-14155. Security Advisory Description: libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. (CVE-2020-14155)
More info:
https://support.f5.com/csp/article/K02219239?utm_source=f5support&utm_medium=RSS
A little over a year ago we enabled Enhanced Tracking Protection (ETP) by default in Firefox. We did so because we recognize that tracking poses a threat to society, user … The post "Firefox 79 includes protections against redirect tracking" appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2020/08/04/firefox-79-includes-protections-against-redirect-tracking/
On July 13, 2020, our Threat Intelligence team was alerted to a recently patched vulnerability in Newsletter, a WordPress plugin with over 300,000 installations. While investigating this vulnerability, we discovered two additional, more serious vulnerabilities, including a reflected Cross-Site Scripting (XSS) vulnerability and a PHP Object Injection vulnerability. We reached out to the plugin’s author on […]
More info:
https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites/
In the Feature Spotlight posts, we highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover Local Brute Force Protection and Banned Users, two great features in the iThemes Security Pro […]
More info:
https://ithemes.com/ithemes-security-pro-feature-spotlight-local-brute-force-protection-banned-users/
jQuery vulnerability CVE-2020-11023. Security Advisory Description: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements ...
More info:
https://support.f5.com/csp/article/K66544153?utm_source=f5support&utm_medium=RSS