Active Attack on Zero Day in Custom Searchable Data Entry System Plugin

The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Custom Searchable Data Entry System plugin for WordPress. The estimated 2,000+ sites running the plugin are vulnerable to Unauthenticated Data Modification and Deletion, including the potential to delete the entire contents of any table in a vulnerable […] More info: https://www.wordfence.com/blog/2020/03/active-attack-on-zero-day-in-custom-searchable-data-entry-system-plugin/

Pagely Security Updates: Feb 2020

WordPress Core: No notable WordPress core security releases. Plugin/Theme Vulnerabilities of Note: Duplicator Plugin: The Duplicator and Duplicator-Pro plugins both contained a vulnerability that allowed attackers to make a single […] More info: https://pagely.com/blog/pagely-security-updates-feb-2020/

The Dangers of Unlicensed WordPress Plugins and Themes

One of the greatest things about WordPress is the open source community behind it. Thanks to the multitude of plugins and themes available, even the most basic of users can […] More info: https://pagely.com/blog/unlicensed-wordpress-plugins-themes/

WordPress Vulnerability Roundup: March 2020, Part 1

New WordPress plugin and theme vulnerabilities were disclosed during the first half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup […] More info: https://ithemes.com/wordpress-vulnerability-roundup-march-2020-part-1/

Vulnerability Patched in Import Export WordPress Users

On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who […] More info: https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/

PHP vulnerability CVE-2020-7059

Security Advisory Description: When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3. ... More info: https://support.f5.com/csp/article/K21418431?utm_source=f5support&utm_medium=RSS

PHP vulnerability CVE-2020-7060

Security Advisory Description: When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x ... More info: https://support.f5.com/csp/article/K45991967?utm_source=f5support&utm_medium=RSS

PHP vulnerability CVE-2020-7062

Security Advisory Description: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, ... More info: https://support.f5.com/csp/article/K21121402?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2019-19072

Security Advisory Description: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel ... More info: https://support.f5.com/csp/article/K42438635?utm_source=f5support&utm_medium=RSS

[v3] Container Security Issue (CVE-2019-5736)

You are viewing a previous version of this security bulletin. For the most current version please visit: "Container Security Issue (CVE-2019-5736)". February 11, 2019 11:00 PM PST. CVE Identifier: CVE-2019-5736. AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux: An updated version of More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-002/v3/