☠️ WordPress Plugin Leak: Unauthenticated File Uploads Expose Sites to Remote Code Execution via Missing Validation in UR
#CVE20264882 #FileUploadBug #RemoteCodeExecution #WPPluginSecurity #WordPressVulnerability #cve #cybersecurity #iso27001
🚨 Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
by István Márton at @wordfence
#Wordpress #WordpressVulnerability #plugin
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care, and Wordfence Response users received several firewall rules to protect against any exploits targeting these vulnerabilities ...
🚨 Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
by Marco Wotschka at @wordfence
#Wordpress #WordpressVulnerability #WordpressPlugin #AIChatbotPlugin
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response on September 29, 2023 and sent over our full disclosure details. Receipt of ...
🟣 4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin
by István Márton at @wordfence
#Wordpress #WordpressVulnerability #WordpressPlugin
On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively installed on more than 4,000,000 WordPress websites, making it the most popular cache plugin. The vulnerability enables threat actors with contributor-level permissions or higher to ...