Feb. 5, 2024, 3:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

On December 18, 2023, right before the end of Holiday Bug Extravaganza, we received a submission for a Local File Inclusion vulnerability in Shield Security, a WordPress plugin with more than 50,000+ active installations. It’s important to note that this vulnerability is limited to just the inclusion of PHP files, however, it could be leveraged by an attacker who has the ability to upload PHP files but can not directly access those files to execute.


Props to hir0ot who …

bug december end file files holiday important inclusion local php plugin security shield submission vulnerability wordpress wordpress plugin

Deputy Chief Information Security Officer

@ United States Holocaust Memorial Museum | Washington, DC

Humbly Confident Security Lead

@ YNAB | Remote

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Head of Incident Response

@ Halcyon | Remote

Consultant Sénior Cyber Sécurité H/F

@ Hifield | Lyon, France

Staff Application Security Engineer (AppSec) - Open to remote across ANZ

@ Canva | Sydney, Australia