https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/ On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal […]
More info:
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
https://wpvulndb.com/vulnerabilities/10027
More info:
https://wpvulndb.com/vulnerabilities/10027
https://wpvulndb.com/vulnerabilities/10028
More info:
https://wpvulndb.com/vulnerabilities/10028
https://www.wpwhitesecurity.com/eliminate-false-positives-file-integrity-monitoring-wordpress/ File integrity monitoring (FIM) allows you to quickly detect file changes on your WordPress site. It is an important part of securing a WordPress site and the way it works is very simple: it compares baseline cryptographic hashes to the current hash of the monitored files. When a change happens, you get an alert. However, […]
More info:
https://www.wpwhitesecurity.com/eliminate-false-positives-file-integrity-monitoring-wordpress/
https://wpvulndb.com/vulnerabilities/10029
More info:
https://wpvulndb.com/vulnerabilities/10029
Linux Kernel Vulnerability CVE-2019-19079. Security Advisory Description: A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 ...
More info:
https://support.f5.com/csp/article/K70933496?utm_source=f5support&utm_medium=RSS
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
Description: Authentication Bypass
Affected Plugin: InfiniteWP Client
Affected Versions: < 1.9.4.5
CVSS Score: 9.8 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched Version: 1.9.4.5
A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a
More info:
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
https://ithemes.com/new-ithemes-security-get-a-pro-feature-and-ccpa-changes-in-pro/ Not every site is the same; that is why we have always been hesitant to take a blanket approach to WordPress Security. For example, several sites are behind some proxy. When a site is behind a proxy, it could appear that every visitor is coming from the same IP address. When malicious actors seem to […]
More info:
https://ithemes.com/new-ithemes-security-get-a-pro-feature-and-ccpa-changes-in-pro/
https://blogvault.net/wordpress-disable-xmlrpc/ The post How to Disable XML-RPC for Better WordPress Security appeared first on BlogVault – The Most Reliable WordPress Backup Plugin.
More info:
https://blogvault.net/wordpress-disable-xmlrpc/