in

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin (www.wordfence.com)

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin

On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites. These flaws made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator …

Leave a Reply

Cross-Site Request Forgery Patched in WP Fluent Forms

Cross-Site Request Forgery Patched in WP Fluent Forms (www.wordfence.com)

Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers

Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers (www.wordfence.com)