Local File Inclusion Vulnerability Patched in Shield Security WordPress Plugin | allinfosecnews.com

Feb. 5, 2024, 3:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

On December 18, 2023, right before the end of Holiday Bug Extravaganza, we received a submission for a Local File Inclusion vulnerability in Shield Security, a WordPress plugin with more than 50,000+ active installations. It’s important to note that this vulnerability is limited to just the inclusion of PHP files, however, it could be leveraged by an attacker who has the ability to upload PHP files but can not directly access those files to execute.

Props to hir0ot who …

bug december end file files holiday important inclusion local php plugin security shield submission vulnerability wordpress wordpress plugin

More from malware.news / Malware Analysis, News and Indicators - Latest topics

How to Use Threat Intelligence Feeds an hour ago | malware.news

attack can cybersecurity effectively +10

APT28 campaign directed against Polish government institutions an hour ago | malware.news

apt28 article campaign cert +9

Is fear slowing down the adoption of self-driving cars? an hour ago | malware.news

adoption autonomous autonomous vehicle cars +19

Protecting against cross-platform account takeover 2 hours ago | malware.news

account account takeover article link +10

CI/CD pipelines and the cloud: Are your development secrets at risk? 2 hours ago | malware.news

aws azure can cd pipelines +19

Veeam Service Provider Console Affected by Severe RCE Vulnerability: CVE-2024-29212 2 hours ago | malware.news

attackers backup code console +14

State of ransomware in 2024 4 hours ago | malware.news

attacks breaches businesses continue +20

LABScon23 Replay | macOS Components Used in North Korean Crypto-Heists 4 hours ago | malware.news

analysis apts cluster components +19

Monthly Threat Report May 2024: Satya Nadella’s Statement on Security, and a New UK Law … 5 hours ago | malware.news

commentary current cybersecurity data +18

XDR Detection Engineer

@ SentinelOne | Italy

View on infosec-jobs.com

Security Engineer L2

@ NTT DATA | A Coruña, Spain

View on infosec-jobs.com

Cyber Security Assurance Manager

@ Babcock | Portsmouth, GB, PO6 3EN

View on infosec-jobs.com

Senior Threat Intelligence Researcher

@ CloudSEK | Bengaluru, Karnataka, India

View on infosec-jobs.com

Cybersecurity Analyst 1

@ Spry Methods | Washington, DC (Hybrid)

View on infosec-jobs.com

Security Infrastructure DevOps Engineering Manager

@ Apple | Austin, Texas, United States

View on infosec-jobs.com