DSA-4414 libapache2-mod-auth-mellon – security update
Several issues have been discovered in Apache module auth_mellon, whichprovides SAML 2.0 authentication.
More info:
https://www.debian.org/security/2019/dsa-4414
NextScripts <= 4.2.7 – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9242
WP Live Chat Support <= 8.0.17 – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9244
KingComposer – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9241
Social Warfare <= 3.5.2 – Unauthenticated Arbitrary Settings Update
More info:
https://wpvulndb.com/vulnerabilities/9238
Give <= 2.3.0 – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9240
WP Google Maps <= 7.10.41 – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9243
Font_Organizer 2.1.1 – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9239
YOP Poll <= 6.0.2 – Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9245
Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin
https://www.wordfence.com/blog/2019/03/hackers-abusing-recently-patched-vulnerability-in-easy-wp-smtp-plugin/ Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users […]
More info:
https://www.wordfence.com/blog/2019/03/hackers-abusing-recently-patched-vulnerability-in-easy-wp-smtp-plugin/