WooCommerce <= 3.5.4 – Stored Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9221
High-Tech Bridge COO Talks About Web & WordPress Security
https://www.wpwhitesecurity.com/interview-high-tech-bridge-wordpress-security/As of the beginning of 2019, WordPress powers 33% of the top ten million websites, confirming it as the most popular and widely used blogging and CMS platform again. Such popularity attracts a lot of attention, and application security software companies which typically focus on security solutions for custom web applications are now also interested […]
More info:
https://www.wpwhitesecurity.com/interview-high-tech-bridge-wordpress-security/
Advanced Custom Fields <= 5.7.7 – Authenticated Cross-Site Scripting (XSS)
More info:
https://wpvulndb.com/vulnerabilities/9163
WordPress 3.7-5.0 (except 4.9.9) – Authenticated Code Execution
More info:
https://wpvulndb.com/vulnerabilities/9222
PHP vulnerability CVE-2019-9021
PHP vulnerability CVE-2019-9021 Security Advisory Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap ...
More info:
https://support.f5.com/csp/article/K50602063
RHSA-2019:0436-1: Moderate: java-11-openjdk security update
Red Hat Enterprise Linux: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2019-2422
More info:
http://rhn.redhat.com/errata/RHSA-2019-0436.html
JSA10772 – 2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10772&actp=RSS
JSA10771 – 2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10771&actp=RSS
Google Analytics and Angular in Magento Credit Card Stealing Scripts
http://feedproxy.google.com/~r/sucuri/blog/~3/h_nVww4C3g0/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js,
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/h_nVww4C3g0/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html
Google Analytics and Angular in Magento Credit Card Stealing Scripts
http://feedproxy.google.com/~r/sucuri/blog/~3/h_nVww4C3g0/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js,
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/h_nVww4C3g0/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html