Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin

On March 3, 2020, our Threat Intelligence team discovered a number of vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These vulnerabilities allowed an authenticated attacker with minimal permissions, such as a subscriber, to create or […] More info: https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/

Firefox 75 will respect ‘nosniff’ for Page Loads

Prior to being able to display a web page within a browser, the rendering engine checks and verifies the MIME type of the document being loaded. In case of an HTML page, for example, the rendering engine expects a MIME … The post Firefox 75 will respect ‘nosniff’ for Page Loads appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2020/04/07/firefox-75-will-respect-nosniff-for-page-loads/

WordPress Security Updates: March 2020

These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […] More info: https://pagely.com/blog/wordpress-security-updates-march-2020/

Episode 72: WordPress 5.4 Released, Zoom Conferencing Safety & Security

This week, we look at the WordPress 5.4 release, which includes turning distraction-free editing on by default. We also look at new plugin vulnerabilities discovered by the Wordfence Threat Intelligence team, including those found in Rank Math and a Contact Form 7 helper plugin. We review the new features recently added to Fast or […] More info: https://www.wordfence.com/blog/2020/04/episode-72-wordpress-5-4-released-zoom-conferencing-safety-security/

2020 Cybersecurity Outlook Report: Key Findings (Part 2 of 2)

In the previous blog, 2020 Cybersecurity Outlook Report: Key Findings (Part 1 of 2), the topic of discussion revolved around common attacker tactics, techniques, and procedures (TTPs) seen in 2019. To recap, some notable insights from Part 1 included the following: As attacker behavior became more evasive, there was an increase in the use […] The post 2020 Cybersecurity Outlook Report: Key Findings (Part 2 of 2) appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2020/04/2020-cybersecurity-outlook-report-key-findings-part-2-of-2.html

PHP vulnerability CVE-2020-7066

Security Advisory Description: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user- ... More info: https://support.f5.com/csp/article/K17457324?utm_source=f5support&utm_medium=RSS

High Severity Vulnerability Leads to Closure of Plugin with Over 100,000 Installations

On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites. As the plugin developer’s GitHub page indicated that the plugin was no longer being maintained, we contacted the WordPress plugins team with our disclosure, and […] More info: https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-leads-to-closure-of-plugin-with-over-100000-installations/

Safety and Security While Video Conferencing with Zoom

With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google Hangouts and other technologies to stay connected. Zoom has come under fire in recent days due to security issues with […] More info: https://www.wordfence.com/blog/2020/04/safety-and-security-while-video-conferencing/