The iThemes Security Pro Banned Users feature just got an upgrade. Banned Users version now gives you more flexibility on how bans are enforced on your website. Plus, with the new Banned Users Security Card, you can manage your bans directly from your WordPress Security Dashboard. Current iThemes Security Pro, Plugin Suite & Toolkit customers […]
More info:
https://ithemes.com/new-ithemes-security-pro-6-7-0/
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13666
Description: The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.
Solution: Install the latest version: If you are using Drupal 7.x, upgrade to Drupal 7.73. If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10. If you are using Drupal 8.9.x, upgrade to
More info:
https://www.drupal.org/sa-core-2020-007
Apache Struts vulnerabilities CVE-2019-0233 and CVE-2019-0230
Security Advisory Description: CVE-2019-0233 An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause ...
More info:
https://support.f5.com/csp/article/K35226442?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information disclosure
CVE IDs: CVE-2020-13670
Description: A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade to Drupal
More info:
https://www.drupal.org/sa-core-2020-011
Project: Drupal core
Date: 2020-September-16
Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13668
Description: Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade
More info:
https://www.drupal.org/sa-core-2020-009
Python vulnerability CVE-2019-9636
Security Advisory Description: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an ...
More info:
https://support.f5.com/csp/article/K57542514?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13669
Description: Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10. If you are using Drupal 8.9.x, upgrade to Drupal 8.9.6. If you are using Drupal 9.0.x, upgrade to Drupal
More info:
https://www.drupal.org/sa-core-2020-010