Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC). Simon Scannell of SonarSource reported an object injection issue affecting some multisite installations, as well as a stored cross-site scripting (XSS) bug. Karim […]
Posts Tagged ‘WordPress’
Despite two critical flaws in a popular WordPress plugin being patched weeks ago, hundreds of thousands of webmasters are yet to deploy the update, putting their sites at risk of takeover attacks. The “All in One” SEO WordPress plugin was vulnerable to two flaws – CVE-2021-25036, which is a critical Authenticated Privilege Escalation flaw, and […]
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA). Internet Information Services (IIS), Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are known as modules. Like plugins for WordPress or Chrome extensions, IIS modules offer an attractive […]
SUNDAY, APRIL 20, 2025
WHITE PAPERS
Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...
ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...
Latest Comments