http://feedproxy.google.com/~r/sucuri/blog/~3/vUeck3YfxVs/dissecting-the-wordpress-5-2-3-update.html
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day-to-day work is to analyse these security releases, discover what security issues they are fixing and come up with a Proof of Concept for further internal testing. Based on […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/vUeck3YfxVs/dissecting-the-wordpress-5-2-3-update.html
by Michael Hawkins. Activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.
Severity/Risk: Minor
Versions affected: 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions
Versions fixed: 3.7.2, 3.6.6 and 3.5.8
Reported by: Andrew Nicols
CVE identifier: CVE-2019-14829
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66187
Tracker issue: MDL-66187 Activity
More info:
https://moodle.org/mod/forum/discuss.php?d=391035&parent=1576213
More info:
https://wpvulndb.com/vulnerabilities/9880
https://www.wpsecurityauditlog.com/releases/update-3-5/
The main role of an audit log plugin (aka activity log) is to keep a log of the changes users make on your WordPress website. However, the WP Security Audit Log can also keep a log of other website activities that you should know of. For example, it can keep a log when new users […]
More info:
https://www.wpsecurityauditlog.com/releases/update-3-5/
https://www.wpwhitesecurity.com/ssl-tls-https-guide-wordpress-administrators/
When you visit a website, your browser (also known as a client) sends an HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem: it is a plaintext protocol. This makes it susceptible to snooping […]
More info:
https://www.wpwhitesecurity.com/ssl-tls-https-guide-wordpress-administrators/
https://ithemes.com/top-5-wordpress-security-vulnerabilities/
If you own a WordPress website, you should be aware of potential WordPress security vulnerabilities. Just like locking the doors of your house, investing in an alarm system and paying for insurance, your website should have security and safety measures in place. The truth is, most WordPress security issues can be prevented if site owners simply follow […]
More info:
https://ithemes.com/top-5-wordpress-security-vulnerabilities/
https://ithemes.com/5-ithemes-security-tips/
Using a WordPress security plugin like iThemes Security Pro is a great way to secure your WordPress site. In this post, we cover 5 iThemes Security tips to help secure your WordPress website. WordPress security can seem like a daunting task, but the good news is managing your security strategy can be a painless experience. […]
More info:
https://ithemes.com/5-ithemes-security-tips/
libssh2 vulnerability CVE-2019-13115
Security Advisory Description: In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer ...
More info:
https://support.f5.com/csp/article/K13322484