Blog

  • March 2020 Monthly Vulnerability Roundup

    WordPress Plugin Vulnerabilities
      • LifterLMS < 3.37.15 – Arbitrary File Writing
      • WordPress SEO Plugin – Rank Math < 1.0.41 – Redirect Creation via Unprotected REST API Endpoint
      • WordPress SEO Plugin – Rank Math < 1.0.41 – Privilege Escalation via Unprotected REST API Endpoint
      • Elementor Page Builder < 2.9.6 – Authenticated Safe Mode Privilege Escalation
      • CM Pop-Up banners < 1.4.11 – …

  • Slack Incoming Webhook Notifications

    From today all Enterprise users have access to Slack Incoming Webhook Notifications functionality. The new notifications allow Enterprise users to set a Slack Incoming Webhook URL within their profile page that will send a Slack notification with the vulnerability title and URL every time a new vulnerability is added to our database.

  • Ultimate Membership Pro Premium WordPress Plugin Recent Vulnerabilities Breakdown

    While checking fixes of critical issues in a premium plugin, we stumbled across insufficient filename entropy: the PHP function time() was used to generate part of the md5-hashed string that forms the filename. These files generally contain sensitive data, such as logs, PII, etc., and as it’s not the first time we see such…