all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

Add to bookmarks
Nov. 21, 2023, 7:30 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites.


Wordfence PremiumWordfence Care, and Wordfence Response users received several firewall rules to protect against any exploits targeting these vulnerabilities on May 19, 2023. Sites still using the free version of Wordfence received the same protection on June 18, 2023. …

authentication authentication bypass bypass care critical critical vulnerabilities disclosure escalation high intelligence may plugin premium privilege privilege escalation process response responsible responsible disclosure severity team threat threat intelligence vulnerabilities websites wordfence wordpress wordpress plugin

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

More control over SecOps with Logpoint’s latest release 36 minutes ago | malware.news
challenges control date incidents +20
Can You Outsmart Cybercriminals? Stay One Step Ahead with a Powerful Antivirus Solution! an hour ago | malware.news
antivirus attackers blog can +10
ISC Stormcast For Tuesday, May 7th, 2024 https://isc.sans.edu/podcastdetail/8970, (Tue, May 7th) an hour ago | malware.news
topic
HijackLoader Updates an hour ago | malware.news
architecture blog code code injection +13
RSAC 2024: U.S. Secretary of State Blinken advocates solidarity, not sovereignty, for cyber 3 hours ago | malware.news
advocates article blinken can +16
Online Scams: Are These All Scams? Distinguishing the Legit from the Scam 6 hours ago | malware.news
advancement authenticity domain etc +14
LNK File Disguised as Certificate Distributing RokRAT Malware 7 hours ago | malware.news
abnormal academy ahnlab asec +27
RSAC 2024: Google on the promise of large language models and cybersecurity 8 hours ago | malware.news
article cybersecurity defensive genai +13
NVIDIA patches three ChatRTX security bugs 10 hours ago | malware.news
apps article bugs chatrtx +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Operations Program Manager

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Sr. Network Security engineer

@ NXP Semiconductors | Bengaluru (Nagavara)
View on infosec-jobs.com

DevSecOps Engineer

@ RP Pro Services | Washington, District of Columbia, United States
View on infosec-jobs.com

Consultant RSSI H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

TW Senior Test Automation Engineer (Access Control & Intrusion Systems)

@ Bosch Group | Taipei, Taiwan
View on infosec-jobs.com

Cyber Security, Senior Manager

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com
View more jobs