The second release candidate for WordPress 5.7 is now available! You can test the WordPress 5.7 release candidate in two ways: try the WordPress Beta Tester plugin (choose the “Bleeding edge” channel and “Beta/RC Only” stream options), or download the release candidate here (zip). Thank you to all of the contributors who tested the Beta/RC releases and gave feedback. […]
More info:
https://wordpress.org/news/2021/03/wordpress-5-7-release-candidate-2/
On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in User Profile Picture, a WordPress plugin installed on over 60,000 sites. The vulnerability made it possible for authenticated users with the upload_files capability to obtain sensitive user information. We initially reached out to Cozmoslabs, the […]
More info:
https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/
You don’t have to be rich to have an online presence. You don’t have to find loopholes in proprietary platforms and hope that they never change their terms of service. You own all of the content that you create on a WordPress site and have the liberty to move it to a new host if […]
More info:
https://wordpress.org/news/2021/03/the-month-in-wordpress-february-2021/
New WordPress plugin and theme vulnerabilities were disclosed during the first week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-march-2021-part-1/
When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be used to prevent fraud. Another reason is that social engineering […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/7CWjK9uypZA/trojan-spyware-and-bec-attacks.html
Linux nfsd kernel vulnerability CVE-2020-24394. Security Advisory Description: In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on ...
More info:
https://support.f5.com/csp/article/K04553557?utm_source=f5support&utm_medium=RSS
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11105&actp=RSS
Linux NFS kernel vulnerability CVE-2020-25212. Security Advisory Description: A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local ...
More info:
https://support.f5.com/csp/article/K42355373?utm_source=f5support&utm_medium=RSS