This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of vulnerability
More info:
https://www.wordfence.com/blog/2019/07/podcast-episode-30-wordpress-ad-inserter-plugin-vulnerability-and-other-news/
The more users you have on your WordPress website, the more difficult it is to manage them. The administrative efforts required usually include controlling access, restricting ‘site-breaking’ settings, stopping users from modifying specific content, and more. WordPress has user roles to let you set privileges and manage users. However, there are plenty of other ways […]
More info:
https://www.wpwhitesecurity.com/how-to-manage-wordpress-users/
SAMBA vulnerability CVE-2018-16860. Security Advisory Description: One or more CVEs are RESERVED. ** RESERVED ** This candidate has been reserved by an organization or individual ...
More info:
https://support.f5.com/csp/article/K85796417
We have good news and bad news for you. First, the bad news: because WordPress is one of the most popular content management systems in use, there are a lot of people trying to exploit WordPress sites. After all, many people don’t take security too seriously. If you can figure out how to exploit one site, […]
More info:
https://wpbuffs.com/wordpress-security-plugins/
SAMBA vulnerability CVE-2018-16860. Security Advisory Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing ...
More info:
https://support.f5.com/csp/article/K85796417
Expat XML parser vulnerability CVE-2018-20843. Security Advisory Description: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons ...
More info:
https://support.f5.com/csp/article/K51011533
Two security issues have been discovered in LibreOffice:
More info:
https://www.debian.org/security/2019/dsa-4483
The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it. This malicious end user typically buys payment data in limited quantities, since: The price per stolen data greatly increases from when it was originally […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/dAC4aK5Gf2M/stolen-payment-data-infected-ecommerce-website-to-darknet-markets.html
More info:
https://wpvulndb.com/vulnerabilities/9459
New WordPress plugin and theme vulnerabilities were disclosed during the first half of this month, so we want to keep you aware. We divide the WordPress Vulnerability Roundup into four different categories: 1. WordPress core 2. WordPress Plugins 3. WordPress Themes 4. Breaches From Around the Web *We include breaches from around the web because […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-july-2019-part-1/