
Vulnerability In WordPress GDPR Cookie Consent Plugin Risks 700K Websites


IT security news | Direct link: latesthackingnews.com

Another WordPress plugin has now joined the list of plugins exhibiting threatening security flaws. This time, the vulnerability appeared in

Vulnerability In WordPress GDPR Cookie Consent Plugin Risks 700K Websites on Latest Hacking News.

...

Open the external website with the full content:

https://latesthackingnews.com/2020/02/15/vulnerability-in-wordpress-gdpr-cookie-consent-plugin-risks-700k-websites/


➤ More posts from Team Security | IT Security

  • Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes

    The update validates that URI attributes don’t contain invalid or disallowed protocols. While this works fine in most cases, there’s a risk that by using the colon HTML5 named entity, one is able to bypass this function. This vulnerabi
  • Issues related to referrer validation in the admin

    Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • A way to create a stored XSS to inject JavaScript into style tags

    Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Prevent unauthenticated views of publicly queryable content types

    The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • A server-side request forgery in the way that URLs were validated

    HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Escape file name for wp_ajax_upload_attachment to prevent XSS

    Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.
  • Improve comment content filtering

    With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
  • Bypass MIME verification by specifically crafted files

    Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability. Part of security release 5.0.1 This vulnerability affects the following application versions: Wo
  • Possible indexed activation screen could lead to exposure of sensitive information

    The user activation screen could be indexed by search engines in some uncommon configurations which could lead to exposure of email addresses, and in some rare cases, default generated passwords. Part of security release 5.0.1 This vulnerability aff
  • Object injection in metadata by contributors

    Contributors could craft meta data in a way that could result in PHP object injection. Part of security release 5.0.1 This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • Ability to create unauthorized post types

    Authors could create posts of unauthorized post types with specially crafted input. Part of security release 5.0.1 This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • Use the correct escaping function when outputting the meta box context to prevent XSS

    Official description: Use the correct escaping function when outputting the meta box context. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
