![]() ![]() These are critical and easily exploitable security issues that have been patched, therefore, we highly recommend updating to the latest patched version available, 3.1.8, immediately if you are running a vulnerable version of this plugin (3.0- 3.1.3). The patch was quickly released on as version 3.1.4. An updated copy of the plugin was sent to our team on May 28, 2021, which we confirmed provided sufficient protection. After receiving confirmation of an appropriate communication channel, we provided the full disclosure details the same day. We initially reached out to the plugin’s developer on May 27, 2021. ![]() ![]() These flaws made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator on sites even if user registration was disabled, all without requiring any prior authentication. On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |