all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

Add to bookmarks
Nov. 21, 2023, 7:30 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites.


Wordfence PremiumWordfence Care, and Wordfence Response users received several firewall rules to protect against any exploits targeting these vulnerabilities on May 19, 2023. Sites still using the free version of Wordfence received the same protection on June 18, 2023. …

authentication authentication bypass bypass care critical critical vulnerabilities disclosure escalation high intelligence may plugin premium privilege privilege escalation process response responsible responsible disclosure severity team threat threat intelligence vulnerabilities websites wordfence wordpress wordpress plugin

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities 2 hours ago | malware.news
advisory agency bureau cisa +32
Igor’s Tip of the Week #167: Adding and splitting segments 6 hours ago | malware.news
binary case code firmware +8
How To Recognize Macro Encrypted Strings in Malware 7 hours ago | malware.news
malware analysis topic
Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild 9 hours ago | malware.news
apple article browsers bugs +16
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 9 hours ago | malware.news
backdoor campaign claims code +21
VMware Patches Critical Authentication Bypass Bug 9 hours ago | malware.news
authentication authentication bypass authentication bypass flaw bug +22
Exploitation of Unitronics programmable logic controllers 10 hours ago | malware.news
article canadian canadian centre for cyber security controllers +9
Make your WhatsApp chats even more private with a secret code. Here's how 10 hours ago | malware.news
article chats code conversation +8
Kimsuky hacking group faces US sanctions 11 hours ago | malware.news
apt43 assets control counter +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Cybersecurity Systems Security Engineer II-T

@ ManTech | 809AR - Ft Carson,Colorado Springs,CO
View on infosec-jobs.com

Security Engineer (Supporting NASA at JSC)

@ KBR, Inc. | USA, Houston, 2101 NASA Parkway, Building 21, Texas
View on infosec-jobs.com

Head of Security & IT

@ ORFIUM | Dublin, County Dublin, Ireland
View on infosec-jobs.com

Chief Privacy Officer

@ Nike | Santa Clara,CA
View on infosec-jobs.com

Security Engineer

@ SPINS | Chicago, IL
View on infosec-jobs.com
View more jobs