As a content management system, WordPress has a set user roles. In essence, these WordPress user roles define the capabilities (permissions to carry out specific website tasks) of each individual user on your website. As your site grows, it’s essential to understand those roles and capabilities to ensure the continued security of your website. Since […]
More info:
https://www.wpwhitesecurity.com/wordpress-user-roles-wordpress-security/
As a content management system, WordPress has a set user roles. In essence, these WordPress user roles define the capabilities (permissions to carry out specific website tasks) of each individual user on your website. As your site grows, it’s essential to understand those roles and capabilities to ensure the continued security of your website. Since […]
More info:
https://www.wpwhitesecurity.com/wordpress-user-roles-wordpress-security/
Linux kernel vulnerability CVE-2019-17055 Security Advisory Security Advisory Description base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through ...
More info:
https://support.f5.com/csp/article/K63176101?utm_source=f5support&utm_medium=RSS
The BIG-IP ASM system may fail to mask sensitive parameter for an Allowed URL in the Referrer header and logs Security Advisory Security Advisory Description The BIG-IP ASM system may fail to mask ...
More info:
https://support.f5.com/csp/article/K86285055?utm_source=f5support&utm_medium=RSS
TMM vulnerability CVE-2020-5930 Security Advisory Security Advisory Description Unauthenticated attackers can cause disruption of service via undisclosed methods. (CVE-2020-5930) Impact An ...
More info:
https://support.f5.com/csp/article/K20622530?utm_source=f5support&utm_medium=RSS
Quite a few new WordPress plugin and theme vulnerabilities were disclosed during the second half of September, making this one of our largest round-ups to date. In this post, we cover recent WordPress plugin, theme, and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-september-2020-part-2/
by Michael Hawkins. The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk.Severity/Risk:SeriousVersions affected:3.9 to 3.9.1Versions fixed:3.9.2Reported by:Kien HoangCVE identifier:CVE-2020-25627Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69240Tracker issue:MDL-69240 Stored XSS via moodlenetprofile parameter in user profile
More info:
https://moodle.org/mod/forum/discuss.php?d=410839&parent=1657001
by Michael Hawkins. Users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager.Severity/Risk:MinorVersions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versionsVersions fixed:3.9.2, 3.8.5, 3.7.8 and 3.5.14Reported by:Florence ThiardWorkaround:Remove the "Login as other users" capability from the manager
More info:
https://moodle.org/mod/forum/discuss.php?d=410841&parent=1657003
by Michael Hawkins. The filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.Severity/Risk:SeriousVersions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versionsVersions fixed:3.9.2, 3.8.5, 3.7.8 and 3.5.14Reported by:Luuk VerhoevenCVE identifier:CVE-2020-25628Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340Tracker issue:MDL-69340 Reflected XSS in tag manager
More info:
https://moodle.org/mod/forum/discuss.php?d=410840&parent=1657002
by Michael Hawkins. It was possible to include JavaScript in a books chapter title, which was not escaped on the "Add new chapter" page.Note: By default this functionality is only available to trusted users (such as teachers), but has been included as a security issue as a precaution, since it was not sanitized on sites with forceclean enabled.Severity/Risk:MinorVersions affected:3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7Versions fixed:3.9.2, 3.8.5 and 3.7.8Reported by:DegrangeMCVE
More info:
https://moodle.org/mod/forum/discuss.php?d=410843&parent=1657005
