all InfoSec news
Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites.
Wordfence Premium, Wordfence Care, and Wordfence Response users received several firewall rules to protect against any exploits targeting these vulnerabilities on May 19, 2023. Sites still using the free version of Wordfence received the same protection on June 18, 2023. …
authentication authentication bypass bypass care critical critical vulnerabilities disclosure escalation high intelligence may plugin premium privilege privilege escalation process response responsible responsible disclosure severity team threat threat intelligence vulnerabilities websites wordfence wordpress wordpress plugin