Security Risk: High; Exploitation Level: Easy; CVSS Score: 9.9; Vulnerability: Remote code execution (RCE); Patched Version: 3.6.3. On April 12th, an important security update was released for the Elementor plugin, patching a critical remote code execution vulnerability that allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This
What does your WordPress site look like to hackers? Would it be tough to crack? Or does it have unlocked doors and unlatched windows just waiting for someone to try them? If you want to run a security test on your WordPress site that’ll reveal its weaknesses, get familiar with WPScan. Even though most hackers don’t have insider knowledge of your site’s weaknesses, there’s a lot
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
A poorly configured file opens users up to site takeover.
As just one symptom, 83 percent of the Top 30 U.S. retailers, including Amazon, Costco, Kroger and Walmart, have vulnerabilities that pose an “imminent” cyber-threat.
Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.
The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems.
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.
The critical and important-severity flaws were found by a team at the China-based Tianfu Cup hacking challenge.