all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

Add to bookmarks
May 31, 2023, 12:27 p.m. | István Márton

Wordfence www.wordfence.com

On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges via a user meta update. Wordfence ...
Read More


The post WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin appeared first on Wordfence.

addresses administrative privileges disclosure escalation grant intelligence may plugin privilege privilege escalation privileges process research responsible responsible disclosure team threat threat intelligence vulnerabilities vulnerability websites wordfence wordpress wordpress plugin wordpress security

Visit resource

More from www.wordfence.com / Wordfence

$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express … 17 hours ago | www.wordfence.com
bounty bug bug bounty can +19
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024) 4 days, 14 hours ago | www.wordfence.com
april bounty bug bug bounty +17
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core 5 days, 14 hours ago | www.wordfence.com
april block bug cross-site +13
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS … 6 days, 18 hours ago | www.wordfence.com
bounty bug bug bounty disclosure +21
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin 1 week, 3 days ago | www.wordfence.com
app bounty bug bug bounty +17
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024) 1 week, 4 days ago | www.wordfence.com
bounty bug bug bounty disclosure +17
$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin 1 week, 6 days ago | www.wordfence.com
bounty bug bug bounty can +19
Introducing New Pricing For Wordfence CLI! 2 weeks ago | www.wordfence.com
announcement august back cli +20
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded 2 weeks ago | www.wordfence.com
bounty bug bug bounty cross-site +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Database Security Engineer, Assistant Vice President

@ MUFG | Tampa - 4050 West Boy Scout Blvd.
View on infosec-jobs.com

Senior IR & SecOps Engineer

@ JFrog | Tel Aviv
View on infosec-jobs.com

Consultant ITSCM / IT-Notfallmanagement (m/w/d)

@ Schwarz Gruppe | Berlin, DE
View on infosec-jobs.com

Freelancer Auditor Information Security - ISO 27001 - Netherlands

@ LRQA | Rotterdam, NL
View on infosec-jobs.com

GG9b-Assoc Eng II, Services

@ HARMAN International | IN Bengaluru EOIZ Indust Area Campus HCS
View on infosec-jobs.com
View more jobs