TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen


❈ How to secure your WordPress login with 2FA

IT Security Nachrichten techrepublic.com

Jack Wallen shows you how to add two-factor authentication to your WordPress sites to avoid unwanted intrusions....


Kompletten Artikel lesen (externe Quelle: https://www.techrepublic.com/article/how-to-secure-your-wordpress-login-with-2fa/#ftag=RSS56d97e7)

Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

[CVE-2020-36326 - CVE-2018-19296] Object injection in PHPMailer

vom 1570.85 Punkte
CVE-2020-36326 - An external file could be unexpectedly executable if it was used as a path to an attachment file via PHP's support for .phar files`. Exploitation requires that an attacker was able to provide an unfiltered path to a file to attach. CVE-2018-19296 - Was vuln

3 Security improvements XML-RPC

vom 1426.02 Punkte
[XML-RPC] Improve error messages for unprivileged users Add specific permission checks to avoid ambiguous failure messages. [XML-RPC] Fix length validation of anonymous commenter's email address Fix the first step of validating an anonymous commente

Ensure latest comments can only be viewed from public posts

vom 1400.03 Punkte
Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Add a new filter to extend set-screen-option

vom 1351.75 Punkte
Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Prevent HTML decoding on by setting the proper editor context

vom 1351.75 Punkte
XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Ensure that wp_validate_redirect() sanitizes a wider variety of characters

vom 1351.75 Punkte
Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes

vom 1225.49 Punkte
Update makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. This vulnerabi

Authenticated XSS issue via theme uploads

vom 1218.06 Punkte
Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2

Issues related to referrer validation in the admin

vom 1154.93 Punkte
Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

A way to create a stored XSS to inject Javascript into style tags

vom 1151.22 Punkte
Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Prevent unauthenticated views of publicly queryables content types

vom 1151.22 Punkte
The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

A server-side request forgery in the way that URLs were validated

vom 1151.22 Punkte
HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Team Security Diskussion über How to secure your WordPress login with 2FA