MSA-20-0012: Reflected XSS in tag manager

by Michael Hawkins. The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk.

Severity/Risk: Serious
Versions affected: 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed: 3.9.2, 3.8.5, 3.7.8 and 3.5.14
Reported by: Luuk Verhoeven
CVE identifier: CVE-2020-25628
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
Tracker issue: MDL-69340 Reflected XSS in tag manager

More info: https://moodle.org/mod/forum/discuss.php?d=410840&parent=1657002

CSS-JS Steganography in Fake Flash Player Update Malware

This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using .ico files to conceal JavaScript skimmers. Just something I’ve noticed more recently with digital skimmers/#magecart. Obfuscated code […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/pelL3-1iX6Y/css-js-steganography-in-fake-flash-player-update-malware.html

iThemes Security Pro Feature Spotlight – WordPress Tweaks

In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover WordPress Tweaks, a collection of tools to secure your WordPress website. Why You Should Use […] More info: https://ithemes.com/ithemes-security-pro-feature-spotlight-wordpress-tweaks/

The Month in WordPress: October 2020

October 2020 was a notable month for WordPress lovers, thanks to the release of several products and updates. Read on to keep up with all the latest news! The 2020 WordPress Annual Survey is out The team published the 2020 WordPress Annual survey — to help those who build WordPress to understand more about our […] More info: https://wordpress.org/news/2020/11/the-month-in-wordpress-october-2020/

WordPress 5.6 Beta 3

WordPress 5.6 Beta 3 is now available for testing! This software is still in development, so we recommend that you run this version on a test site. You can test the WordPress 5.6 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option). Or download the beta here (zip). The current target for the […] More info: https://wordpress.org/news/2020/11/wordpress-5-6-beta-3/

BIG-IQ system interface vulnerability CVE-2020-5944

Security Advisory. Description: Accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns ... More info: https://support.f5.com/csp/article/K57274211?utm_source=f5support&utm_medium=RSS

Unpacking the WordPress 5.5.2/5.5.3 Security Release

On Thursday, October 29, the WordPress core team released WordPress version 5.5.2. This was a minor release containing bug fixes and security enhancements to the core WordPress content management system powering over one-third of the internet. There was a subsequent 5.5.3 release one day later; you can read about the emergency WP 5.5.3 release here. […] More info: https://www.wordfence.com/blog/2020/11/unpacking-the-wordpress-5-5-2-5-5-3-security-release/