Two security vulnerabilities, one a privilege-escalation problem and the other a stored XSS bug, afflict a WordPress plugin with 40,000 installs.
Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.
Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-building utilities. It allows site administrators to add features such as registration forms and widgets. The plugin, from a developer called ThemeIsle, has been installed by 400,000+ sites.
According to researchers at Wordfence, the first flaw (CVEs are pending) is an authenticated privilege-escalation flaw that carries a CVSS bug-severity score of 9.9, making it critical. Authenticated attackers with contributor level access or above can elevate themselves to administrator status and potentially take
A poorly configured file opens users up to site takeover.
Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said.
Easy WP SMTP allows users to configure and send all outgoing emails via an SMTP server, so that they don’t end up in the recipient’s junk/spam folder. Versions 1.4.2 and below contain a flaw in the debug file that is exposed because of a fundamental error in how the plugin maintains a folder, according to researchers at GBHackers.
“[The vulnerability] would allow an unauthenticated user to reset the admin password which would enable the hacker to take complete control of the website,” according to a Monday posting.