Authenticated RCE vulnerability in WordPress Secure File Manager plugin (unpatched).

The WordPress Secure File Manager plugin (1,000 active installations) is prone to an authenticated remote code execution vulnerability affect version 2.5 and below.

Posted on November 10, 2020 - 12:42pm [+0700]
NinjaFirewall

WordPress Ultimate Reviews plugin fixed insecure deserialization vulnerability.

The WordPress Ultimate Reviews plugin (2,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1.32 and below that could lead to unauthenticated PHP object injection.

GDPR CCPA Compliance Support plugin fixed insecure deserialization vulnerability.

The WordPress GDPR CCPA Compliance Support plugin (1,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1 and below that could lead to unauthenticated PHP object injection.

NinTechNet changelog.

November 22, 2020 NinjaFirewall (Pro+/Pro) v4.2 Pro+ Edition (Premium): Added a new access control section: “User Input Access Control”. It can be used to ignore or…

Critical zero-day vulnerability fixed in WordPress TI WooCommerce Wishlist plugin.

The WordPress TI WooCommerce Wishlist plugin (70,000+ installations) fixed a critical Zero-Day vulnerability affecting version 1.21.11 and below that could allow an attacker to take over the blog and its database.