Switch to the dark mode that's kinder on your eyes at night time.

Switch to the light mode that's kinder on your eyes at day time.

Switch to the dark mode that's kinder on your eyes at night time.

Switch to the light mode that's kinder on your eyes at day time.

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin (www.wordfence.com)

by WPNEWS team July 5, 2021, 09:48

On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites. These flaws made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator …

ProfilePress

More From: Security

Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware (patchstack.com)
For the past couple of days, the Patchstack team has been monitoring a mass-scale phishing campaign with multiple variants of phishing emails going around that are notifying users about a[…]
Wordfence Launches Bug Bounty Program to Fund WordPress Security Research and Showcase Researchers (www.wordfence.com)
At Defiant Inc and Wordfence, our mission is to Secure the Web. A critical component of creating and maintaining a secure online community is the research that reveals vulnerabilities in[…]
4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin (www.wordfence.com)
On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively[…]
How to Find & Fix Japanese SEO Spam (blog.sucuri.net)
Japanese SEO Spam, also known as “Japanese keyword hack” or “Japanese SEO poisoning,” is a spammy search engine optimization technique used by black hat SEO artists to make a website[…]
The WordPress “Zombie” Plugins Pandemic Affects 1.6M+ Websites (patchstack.com)
The WordPress ecosystem is getting better with addressing security issues, but there is one big bottleneck – unreachable plugin developers.
2023 WordPress Security Survey – What we have learned (melapress.com)
Melapress presents the results and findings of its WordPress Security Survey 2023 edition held online, and in-person at WCEU.

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin (www.wordfence.com)

Leave a ReplyCancel reply

ProfilePress: Announcing Paid Membership. Accept One-time, Recurring Payments & Sell Subscriptions (profilepress.com)

ProfilePress Rebrands and Repurposes WP User Avatar, Now a Membership Plugin, Users Revolt via the WordPress Review System (wptavern.com)

Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware (patchstack.com)

Wordfence Launches Bug Bounty Program to Fund WordPress Security Research and Showcase Researchers (www.wordfence.com)

4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin (www.wordfence.com)

How to Find & Fix Japanese SEO Spam (blog.sucuri.net)

The WordPress “Zombie” Plugins Pandemic Affects 1.6M+ Websites (patchstack.com)

2023 WordPress Security Survey – What we have learned (melapress.com)

Cross-Site Request Forgery Patched in WP Fluent Forms (www.wordfence.com)

Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers (www.wordfence.com)

Leave a ReplyCancel reply

Log In

Sign In

Forgot password?

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections