Multiple WordPress plugins fixed CSRF vulnerabilities (part 1).

Many WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.

More WordPress plugins and themes vulnerable to CSRF attacks.

Additional WordPress plugins and themes were found to be vulnerable to CSRF attacks.

25 WordPress plugins vulnerable to CSRF attacks.

Twenty five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.

NinTechNet changelog.

April 10, 2021 NinjaFirewall (Pro+/Pro) v4.2.2 The “Uploads > Allow, but block dangerous files” policy will now block uploaded files that include JavaScript tags. Pro+ Edition…

Posted on March 16, 2021 - 11:18pm [+0700]
NinjaFirewall

Zero-day vulnerability fixed in WordPress Flo Forms plugin.

The WordPress Flo Forms plugin (10,000+ installations) fixed a critical zero-day vulnerability affecting version 1.0.35 and below that could allow the attacker to take over the website and its database.