Posts
AI Helps to Detect Incomplete Security Fix Being Made to 1+ Million Install WordPress Plugin WP File Manager
https://www.pluginvulnerabilities.com/2024/02/29/ai-helps-to-detect-incomplete-security-fix-being-made-to-1-million-install-wordpress-plugin-wp-file-manager/Open linkView original on lemmy.worldHacker Likely Targeting This Incompletely Fixed Authenticated Plugin Installation Vulnerability in WordPress Plugin NextMove Lite
https://www.pluginvulnerabilities.com/2024/02/13/hacker-likely-targeting-this-incompletely-fixed-authenticated-plugin-installation-vulnerability-in-wordpress-plugin-nextmove-lite/Open linkView original on lemmy.worldBe aware that CleanTalk is putting out misleading information about vulnerabilities in WordPress plugins.
They recently claimed that a vulnerability in a WordPress plugin exposed WordPress users passwords. It didn't, only password hashes. That is significantly different.
WPScan also claimed that the vulnerability allowed "account takeover," despite that being unlikely to happen there.