SupportCandy <= 2.0.0 – Arbitrary File Upload
More info:
https://wpvulndb.com/vulnerabilities/9488
Simple Job Board <= 2.4.3 – Reflected XSS
More info:
https://wpvulndb.com/vulnerabilities/9486
ND Shortcodes For Visual Composer <= 5.8 – Unauthenticated WP Options Update
More info:
https://wpvulndb.com/vulnerabilities/9485
Travel Management <= 1.5 – Unauthenticated Options Change
More info:
https://wpvulndb.com/vulnerabilities/9491
WordPress Vulnerability Roundup: July 2019, Part 2
https://ithemes.com/wordpress-vulnerability-roundup-july-2019-part-2/New WordPress plugin vulnerabilities were disclosed during the last half of July, so we want to keep you aware. We divide the WordPress Vulnerability Roundup into four different categories: 1. WordPress core 2. WordPress Plugins 3. WordPress Themes 4. Breaches From Around the Web * We include breaches from around the web because it is […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-july-2019-part-2/
DSA-4490 subversion – security update
Several vulnerabilities were discovered in Subversion, a version controlsystem. The Common Vulnerabilities and Exposures project identifies thefollowing problems:
More info:
https://www.debian.org/security/2019/dsa-4490
Neapolitan Backdoor Injection
http://feedproxy.google.com/~r/sucuri/blog/~3/1roZh1ScQTA/neapolitan-backdoor-injection.html Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which your roommate eats all of the chocolate, leaving you with the paltry remains of the notably less popular vanilla and strawberry flavours. While cleaning […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/1roZh1ScQTA/neapolitan-backdoor-injection.html
Podcast Episode 35: Security Researcher Jem Turner Talks About Pipdig Scandal
https://www.wordfence.com/blog/2019/08/podcast-episode-35-security-researcher-jem-turner-talks-about-pipdig-scandal/ Jem Turner was one of the security researchers that found malicious code in Pipdig’s P3 plugin. Both Jem and Wordfence’s Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features, including a remote “killswitch,” an obfuscated function used to change users’ passwords, and code which generated hourly requests
More info:
https://www.wordfence.com/blog/2019/08/podcast-episode-35-security-researcher-jem-turner-talks-about-pipdig-scandal/
Podcast Episode 35: Security Researcher Jem Turner Talks About Pipdig Scandal
https://www.wordfence.com/blog/2019/08/podcast-episode-35-security-researcher-jem-turner-talks-about-pipdig-scandal/ Jem Turner was one of the security researchers that found malicious code in Pipdig’s P3 plugin. Both Jem and Wordfence’s Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features, including a remote “killswitch,” an obfuscated function used to change users’ passwords, and code which generated hourly requests
More info:
https://www.wordfence.com/blog/2019/08/podcast-episode-35-security-researcher-jem-turner-talks-about-pipdig-scandal/
How to Block IPs with 6G Firewall
https://perishablepress.com/block-ips-6g-firewall/This quick post is aimed at users of the 6G Firewall. The latest 6G update removes the IP-address blocking section to improve firewall compatibility and implementation. So now with the IP section removed, you may be asking “how to block an IP address with 6G?” Well good news, this tutorial explains how to do it. […]
More info:
https://perishablepress.com/block-ips-6g-firewall/