Information disclosure vulnerability fixed in WordPress Doneren Met Mollie plugin.

The WordPress Doneren Met Mollie plugin (4,000+ active installations) fixed a broken access control vulnerability affecting version 2.8.4 and below that could lead to authenticated information disclosure.

Multiple vulnerabilities in WordPress WP Quick FrontEnd Editor plugin (unpatched).

The WordPress WP Quick FrontEnd Editor plugin (1,000+ active installations) is prone to a broken access control vulnerability affecting version 5.5 and below that could lead to authenticated content injection, stored XSS and settings change.

Insecure deserialization vulnerability in WordPress Newsletter Manager plugin (unpatched).

The WordPress Newsletter Manager plugin (5,000+ active installations) is prone to an insecure deserialization vulnerability affecting version 1.5.1 and below that could lead to unauthenticated PHP object injection.

Posted on December 23, 2020 - 6:15pm [+0700]
NinjaFirewall

How to get informed about the latest security updates in your WordPress plugins and themes.

Getting quickly informed when a security update is available in your themes or plugins is an important factor in keeping your website safe.

NinTechNet changelog.

December 20, 2020 NinjaFirewall (WP+/WP) v4.3.1 Added a new policy to disable the “Application Passwords” feature that was introduced in WordPress 5.6. See “Firewall Policies >…