Month: noviembre 2020

WordPress 5.6 Beta 4 is now available for testing! This software is still in development, so we recommend that you run this version on a test site. You can test the WordPress 5.6 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option). Or download the beta here (zip). The current target for the […] More info: https://wordpress.org/news/2020/11/wordpress-5-6-beta-4/

The post How To Create a Staging Site for WordPress Websites? (Step-by-Step) appeared first on BlogVault – The Most Reliable WordPress Backup Plugin. More info: https://blogvault.net/wordpress-staging-site/

Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this means for WordPress sites using page builders or Gutenberg. Microsoft warns against using telephone/SMS-based multi-factor […] More info: https://www.wordfence.com/blog/2020/11/episode-95-critical-privilege-escalation-vulnerabilities-affect-over-100k-wordpress-sites/

Your WordPress site’s security should be one of your top concerns as a webmaster. However, there’s no such thing as a ‘set and forget’ approach with security. In actual fact, your security arrangements should form part of a never-ending process. You need to continually harden, monitor, improve, and test your WordPress security arrangements. When it […] More info: https://www.wpwhitesecurity.com/best-wordpress-security-plugins/

Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure … Read moreThe post Firefox 83 introduces HTTPS-Only Mode appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/

by Michael Hawkins. Users enrolment capabilities were not being sufficiently checked when they restored into an existing course, which could lead to them unenrolling users without having permission to do so.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versionsVersions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15Reported by:Roman SevostyanovCVE identifier:CVE-2020-25698Changes More info: https://moodle.org/mod/forum/discuss.php?d=413935&parent=1668770

by Michael Hawkins. Insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versionsVersions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15Reported by:Matt PetroCVE identifier:CVE-2020-25699Changes More info: https://moodle.org/mod/forum/discuss.php?d=413936&parent=1668771

by Michael Hawkins. Some database module web services allowed students to add entries within groups they did not belong to.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versionsVersions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15Reported by:Dani PalouCVE identifier:CVE-2020-25700Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67015Tracker issue:MDL-67015 Some database More info: https://moodle.org/mod/forum/discuss.php?d=413938&parent=1668773

by Michael Hawkins. If the upload course tool was used to delete an enrolment method which did not exist or was not already enabled, the tool would erroneously enable that enrolment method. This could lead to unintended users gaining access to the course.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8 and 3.5 to 3.5.14 and earlier unsupported versionsVersions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15Reported by:Víctor Déniz More info: https://moodle.org/mod/forum/discuss.php?d=413939&parent=1668774

by Michael Hawkins. It was possible to include JavaScript when re-naming content bank items.Severity/Risk:MinorVersions affected:3.9 to 3.9.2Versions fixed:3.10, 3.9.3Reported by:DegrangeMCVE identifier:CVE-2020-25702Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69046Tracker issue:MDL-69046 Stored XSS possible when renaming content bank items More info: https://moodle.org/mod/forum/discuss.php?d=413940&parent=1668775