On December 15, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Tutor LMS, a WordPress plugin installed on over 20,000 sites. The first five flaws made it possible for authenticated attackers to inject and execute arbitrary SQL statements on WordPress sites. This made it possible for attackers to obtain information stored in a […]
More info:
https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/
New WordPress plugin and theme vulnerabilities were disclosed during the third week of March. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-march-2021-part-2/
On February 23, 2021, the Wordfence Threat Intelligence team responsibly disclosed a set of stored Cross-Site Scripting vulnerabilities in Elementor, a WordPress plugin which “is now actively installed and used on more than 7M websites” according to a recent announcement on the Elementor blog. These vulnerabilities allowed any user able to access the Elementor editor, […]
More info:
https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/
We’re excited to announce the launch of WP Activity Log 4.2.1. Even though this release is not packed with lots of new features, it is still a very important maintenance update. It includes a lot of under the hood changes. This post explains what is new and improved in this update of the most comprehensive […]
More info:
https://wpactivitylog.com/wsal-4-2-1/
This past year has been a rollercoaster of emotions for many of us. Some were thriving while others were barely surviving. One takeaway we can be proud of as a community is how most of us had to be even more creative than usual to get through 2020… With long hours, a lot of stress […]
More info:
https://www.wpwhitesecurity.com/atarim-summit-2021/
Today we are happy to announce update 1.7.0 of the Activity Log for MainWP plugin, the invaluable extension that administrators and agencies use to view the activity logs of all child sites from one central portal – the MainWP dashboard. Just like we did with WP Activity Log, in this update we updated the date […]
More info:
https://wpactivitylog.com/activity-log-mainwp-1-7-0/
BIG-IP APM VPN vulnerability CVE-2021-23002 (Security Advisory). Description: The session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the ...
More info:
https://support.f5.com/csp/article/K71891773?utm_source=f5support&utm_medium=RSS
BIG-IP TMM vulnerability CVE-2021-23000 (Security Advisory). Description: If the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is ...
More info:
https://support.f5.com/csp/article/K34441555?utm_source=f5support&utm_medium=RSS
libxml2 vulnerability CVE-2016-4448 (Security Advisory). Description: Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format ...
More info:
https://support.f5.com/csp/article/K41103561?utm_source=f5support&utm_medium=RSS