in

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin (www.wordfence.com)

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin

On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites. These flaws made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator …

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

    Cross-Site Request Forgery Patched in WP Fluent Forms

    Cross-Site Request Forgery Patched in WP Fluent Forms (www.wordfence.com)

    Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers

    Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers (www.wordfence.com)