The Latest in IT Security

Posts Tagged ‘WordPress Vulnerabilities’

Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory. While the plugin includes an extension control, this can be bypassed by adding a PHP shell with a filename that begins with […]

Security vulnerabilities affecting different WordPress plugins saw a 142% increase in 2021 compared to the year before, experts have revealed. Analyzing the state of the WordPress ecosystem, which includes some 58,000 free plugins, as well as “tens of thousands” more available for purchase, Risk Based Security say the spike in the vulnerabilities to hit 2,240 […]

Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC). Simon Scannell of SonarSource reported an object injection issue affecting some multisite installations, as well as a stored cross-site scripting (XSS) bug. Karim […]

SUNDAY, FEBRUARY 23, 2025